Dependency and Package Managers

The terms ‘package manager’ and ‘dependency manager’ are often used interchangeably, and there is much confusion online. With this brief post I aim to clear up the differences between the two, with a couple of examples along the way.

In brief

Package managers relate to system-wide packages: pieces of code, or software, that work across projects. A good example of this would be apt. You can use package managers to install dependency managers, which manage individual projects.

Some package managers:

  • zypper
  • pacman
  • apt
  • dnf (yum)
  • portage
  • npm

Some dependency managers:

  • Composer
  • Gradle
  • npm (kinda…see below)
  • Yarn
  • Maven

A fly in the ointment

Node Package Manager (NPM) sounds like it should be a package manager, and indeed it has it in the name, but technically it can operate as both. Primarily for JS, NPM is indeed a package manager, although it does have the ability to manage dependencies on specific projects.

On the other side of the same coin, Composer is a dependency manager (for PHP), but you can use Composer to install packages globally.

Using a package manager

Package managers are used to manage applications within the operating system. It was said that package management is “the single biggest advancement Linux has brought to the industry”, that it blurs the boundaries between operating system and applications, and that it makes it “easier to push new innovations […] into the marketplace and […] evolve the OS”.

Installation of packages is easy, for example:

apt install PACKAGE-NAME

You are then able to use this manager to collectively update and manage your installations. Updating them to their latest versions can be automated, but can be as simple as the CLI command:

apt-get update && apt-get upgrade -y

This command checks for updates to all of your installed applications, and then installs them. The && joins together two separate commands, running the second only if the first succeeds, and the -y flag confirms that you are happy to install the upgrades, without an additional prompt.

Using a dependency manager

Using a dependency manager is a great way of managing elements, or pieces of code, within a project. Dependencies are small repositories of code with defined functionality, such as form managers, authentication or barcode generation; anything.

Based upon the notion that a good developer is a lazy developer, it is very likely that if you need to code something for a project, the same challenge has already been solved before, and probably better than you would do. Developers are therefore able to draw upon existing code bases to rapidly build software.

As with package managers, the versions of these dependencies are managed within the package.json file (for Composer installations anyway), which lists each dependency and its version. This can be used to auto-upgrade to ensure that your software has the most up-to-date releases, covering bug fixes etc. It is also possible to restrict this upgrading if a specific version is required.
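
To make the difference between auto-upgrading and restricting to a specific version concrete, here is an added example (not from the original post) that reads an npm-style package.json and reports which entries are fixed to one version and which allow upgrades. The manifest contents, function names and category labels are constructed for illustration.

```javascript
// Constructed sample manifest for illustration (not from the original post).
const SAMPLE_MANIFEST = `{
  "name": "example-app",
  "dependencies": {
    "express": "^4.18.2",
    "lodash": "4.17.21",
    "moment": "~2.29.4",
    "left-pad": "*",
    "debug": "latest",
    "chalk": ">=4.0.0"
  },
  "devDependencies": {
    "internal-lib": "git+https://example.invalid/internal-lib.git"
  }
}`;

// Classify a version spec by how much automatic upgrading it permits.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (/^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(s)) return "exact"; // one version only
  if (/^~\d+\.\d+\.\d+$/.test(s)) return "tilde";  // patch releases only
  if (/^\^\d+\.\d+\.\d+$/.test(s)) return "caret"; // minor + patch (for 1.0.0 and up)
  if (/^(git\+|git:|https?:|file:|github:)/.test(s)) return "non-registry";
  return "floating"; // "*", "latest", ">=x", compound ranges: review by hand
}

// Return one finding per dependency across the manifest's dependency sections.
function auditManifest(jsonText) {
  const manifest = JSON.parse(jsonText);
  const sections = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
  const findings = [];
  for (const section of sections) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      findings.push({ section, name, spec, kind: classifySpec(spec) });
    }
  }
  return findings;
}

// Names whose spec allows versions other than the one written in the manifest.
function unpinned(findings) {
  return findings.filter((f) => f.kind !== "exact").map((f) => f.name);
}

for (const f of auditManifest(SAMPLE_MANIFEST)) {
  console.log(`${f.kind.padEnd(12)} ${f.section}/${f.name} -> ${f.spec}`);
}
```

Entries reported as anything other than exact are the ones an automated upgrade can move to a newer release.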