Hacker News

Does package-lock.json not fill this void? It's been a thing for a few years IIRC.



Partially, like the yarn.lock it only filled half the problem. The other half is being able to have multiple versions installed at the same time and freely, confidently referencing the version I want.

node_modules can only have one version and it's not hard to have version drift even while having a lock. The standard answer is to do the `rm -rf node_modules` & install. Often that fixes whatever problem crept in.

Blowing away a package directory to solve problems for years should not be the answer.


> The other half is being able to have multiple versions installed at the same time and freely, confidently referencing the version I want.

It's not well-known, but it is possible:

    "dependencies": {
      "sodium-native-2": "npm:sodium-native@2",
      "sodium-native-3": "npm:sodium-native@3"
    }
> node_modules can only have one version and it's not hard to have version drift even while having a lock.

Don't get me wrong, npm is haunted, but I use it daily and can't remember having experienced "version drift". The only reason I have to `rm -rf node_modules && npm install` is that `npm update` (even with --depth) doesn't do its job, so if you want to update all deep dependencies then you have to blow up your lockfile.

(Btw, if you are experiencing some "version drift" problem, I'd recommend `npm ci` as an alternative to `rm -rf node_modules && npm install`.)



