Tools like GitHub Copilot help developers write code faster, but what is faster than using code someone else has already written? Package managers are the way that software developers share and use others' code. But ask any developer; package managers are universally hated. Package managers seem like they are the source of new bugs and frustrations, and usually, they are. But the benefit of sharing code is so great. It outweighs nearly any cost. Every developer relies on someone else's code.

What is a Package?

There are two types of package managers I'm talking about - one at the operating system level that distributes binaries (usually thought of as "apps"), and one at the programming language level that distributes source code.  

I loosely define a package as an archive and its metadata. The archive can be a compiled executable or simply just code. The metadata includes the version, the application's dependencies needed to run, documentation, and a checksum - verification that the contents of what was downloaded precisely match the intended contents.

A package manager has a few primary responsibilities: (1) Installing, maintaining, and removing packages. (2) Dependency resolution. The second deserves a blog post, but dependency resolution is sorting out what other packages the package depends on. You can run into circular dependencies, long chains, conflict, and more. It is a complex problem. It's proven to be a complicated problem mathematically - it is in a set of problems known as NP-complete, which means non-deterministic polynomial-time; it's going to take a long time.

How is code shared?

Code is usually statically or dynamically linked. Statically linked means that an application is shipped with all of its dependencies. Dynamically linked implies that it may share a common package or library with another package. Dynamic linking is usually more space-efficient but opens up more issues, such as what happens when two packages require two different versions of a common dependency?

Three trends driving Package Management

Open problems