It is great that nim has nimble, the package manager for nim. Its ability to 
create a project template and publish is also useful. I believe in the near 
future we will see much more packages in it.

Saying that I observe an ambiguity on the term "update" for nimble packages. If 
I understood correctly a package developer registers the package with 
nim-lang/packages and stores it on github. When someone installs the package, 
files are downloaded from the github repo. Now, the ambiguity starts here. As I 
experienced myself too, whenever you ask to install the package, it downlods 
the files with the latest commit, even if the version numbers declared in the 
nimble file are same. Thus, two computers with the same package file version 
may have different files. I think this is undesirable for production quality 
and code maintainability.

For example, the script I wrote above always gets the latest commit from the 
git due to -y option. (It gives forced yes to reinstall prompt)

An example:

Prompt: arraymancer 0.5.0 already exists. Overwrite? -> [forced yes] Success: 
arraymancer installed successfully.

This may also be misleading. Nimble checks the version number but the commits 
with the same version number may be different. I have a few suggestions:

  * If package distribution will be through github as is now, there may be a 
control mechanism to check not only the version numbers but also the commits.
  * The package maintainer may be warned or forced to update the version number 
(strictly increasing numbers) if the registered commit does not match the 
current one.
  * Another option is to create a package inventory where packages with assured 
code freeze for given version number are stored. Nimble then fetches the 
package from that inventory.
  * One useful thing with that approach is that, you can also pack binaries 
(such as library binary files that the nim code wraps or some assets) with the 
nim code itself. This way when someone installs the package, he/she does not 
have to install or build the library itself. (Yes, then there should be 
different versions for each platform but it can be managed I guess.)



They are my observations and some humble suggestions. Again, correct me if 
there are some misinformation. 

Reply via email to