Thoughts about package management

Watch the recording on YouTube

Prior art

How can we do better?

We have a lot of opportunities to learn!

Known problems

The leftpad incident

The leftpad incident

Managing upgrades

Not getting along with the in-laws

Wasted cycles

...and now do this hundreds thousands of times

Wasted Dangerous cycles

Potential solutions

Don't have a package manager

Package managers have good bits

Avoiding dangerous cycles

Avoiding wasted cycles

Avoiding the rest...

How would that work?

test "simple test" {
  var list = std.ArrayList(i32).init(std.testing.allocator); // <-- This line here!
  defer list.deinit();
  try list.append(42);
  try std.testing.expectEqual(@as(i32, 42), list.pop());

Dependency Injection

var client = requestz.Client.init(

Dependency Injection

var client = requestz.Client.init(
  std.testing.allocator,, // <-- What if we could provide our own TCP logic!

Dependency Injection

var client = requestz.Client.init(
    // ✨ fancy HTTP/3 stuff here ✨


I don't actually think entirely disallowing packages to have dependencies is the right approach

...but I think these kinds of things are important to keep in mind as the package ecosystem develops for Zig.

Less dramatic idea speed-round ⏱️

It's a culture thing.

String.prototype.padStart() documentation on MDN String.prototype.padStart() compatibility information on MDN

If you're writing a package, keep the language you are working with in mind. A language that focuses so heavily on low-level control deserves a package ecosystem that gives you the same kind of respect.