{"id":37152179,"url":"https://github.com/apprentice3d/dep","last_synced_at":"2026-01-14T17:58:15.627Z","repository":{"id":57578964,"uuid":"117175937","full_name":"apprentice3d/dep","owner":"apprentice3d","description":"Go dependency management tool","archived":false,"fork":true,"pushed_at":"2018-01-11T18:08:41.000Z","size":8772,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-06-20T09:17:39.269Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"golang/dep","license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apprentice3d.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null}},"created_at":"2018-01-12T01:33:35.000Z","updated_at":"2018-01-12T01:33:38.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/apprentice3d/dep","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/apprentice3d/dep","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apprentice3d%2Fdep","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apprentice3d%2Fdep/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apprentice3d%2Fdep/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apprentice3d%2Fdep/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apprentice3d","download_url":"https://codeload.github.com/apprentice3d/dep/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apprentice3d%2Fdep/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28429113,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T16:38:47.836Z","status":"ssl_error","status_checked_at":"2026-01-14T16:34:59.695Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T17:58:14.825Z","updated_at":"2026-01-14T17:58:15.622Z","avatar_url":"https://github.com/apprentice3d.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\u003cimg src=\"docs/img/DigbyShadows.png\" width=\"360\"\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://travis-ci.org/golang/dep\"\u003e\u003cimg src=\"https://travis-ci.org/golang/dep.svg?branch=master\" alt=\"Build Status\"\u003e\u003c/img\u003e\u003c/a\u003e\n  \u003ca href=\"https://ci.appveyor.com/project/golang/dep\"\u003e\u003cimg src=\"https://ci.appveyor.com/api/projects/status/github/golang/dep?svg=true\u0026branch=master\u0026passingText=Windows%20-%20OK\u0026failingText=Windows%20-%20failed\u0026pendingText=Windows%20-%20pending\" alt=\"Windows Build Status\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://goreportcard.com/report/github.com/golang/dep\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/golang/dep\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## Dep\n\n`dep` is a prototype dependency management tool for Go. It requires Go 1.8 or newer to compile.\n\n`dep` is the official _experiment_, but not yet the official tool. Check out the [Roadmap](https://github.com/golang/dep/wiki/Roadmap) for more on what this means!\n\n## Current status\n\n`dep` is safe for production use. That means two things:\n\n* Any valid metadata file (`Gopkg.toml` and `Gopkg.lock`) will be readable and considered valid by any future version of `dep`.\n* The CLI UI is mostly stable. `dep init` and `dep ensure` are mostly set; `dep status` is likely to change a fair bit, and `dep prune` is [going to be absorbed into `dep ensure`](https://github.com/golang/dep/issues/944).\n\nThat said, keep in mind the following:\n\n* `dep init` on an existing project can be a rocky experience - we try to automatically convert from other tools' metadata files, and that process is often complex and murky. Once your project is converted and you're using `dep ensure`, its behavior is quite stable.\n* `dep` still has nasty bugs, but in general these are comparable to or fewer than other tools out there.\n* `dep` is [pretty slow right now](https://github.com/golang/dep/blob/master/docs/FAQ.md#why-is-dep-slow), especially on the first couple times you run it. Just know that there is a _lot_ of headroom for improvement, and work is actively underway.\n* `dep` is still changing rapidly. If you need stability (e.g. for CI), it's best to rely on a released version, not tip.\n* `dep`'s exported API interface will continue to change in unpredictable, backwards-incompatible ways until we tag a v1.0.0 release.\n\n## Context\n\n- [The Saga of Go Dependency Management](https://blog.gopheracademy.com/advent-2016/saga-go-dependency-management/)\n- Official Google Docs\n  - [Go Packaging Proposal Process](https://docs.google.com/document/d/18tNd8r5DV0yluCR7tPvkMTsWD_lYcRO7NhpNSDymRr8/edit)\n  - [User Stories](https://docs.google.com/document/d/1wT8e8wBHMrSRHY4UF_60GCgyWGqvYye4THvaDARPySs/edit)\n  - [Features](https://docs.google.com/document/d/1JNP6DgSK-c6KqveIhQk-n_HAw3hsZkL-okoleM43NgA/edit)\n  - [Design Space](https://docs.google.com/document/d/1TpQlQYovCoX9FkpgsoxzdvZplghudHAiQOame30A-v8/edit)\n- [Frequently Asked Questions](docs/FAQ.md)\n\n## Setup\n\nGrab the latest binary from the [releases](https://github.com/golang/dep/releases) page.\n\nOn macOS you can install or upgrade to the latest released version with Homebrew:\n\n```sh\n$ brew install dep\n$ brew upgrade dep\n```\n\nIf you're interested in hacking on `dep`, you can install via `go get`:\n\n```sh\ngo get -u github.com/golang/dep/cmd/dep\n```\n\nTo start managing dependencies using dep, run the following from your project's root directory:\n\n```sh\n$ dep init\n```\n\nThis does the following:\n\n1. Look for [existing dependency management files](docs/FAQ.md#what-external-tools-are-supported) to convert\n1. Check if your dependencies use dep\n1. Identify your dependencies\n1. Back up your existing `vendor/` directory (if you have one) to\n`_vendor-TIMESTAMP/`\n1. Pick the highest compatible version for each dependency\n1. Generate [`Gopkg.toml`](docs/Gopkg.toml.md) (\"manifest\") and `Gopkg.lock` files\n1. Install the dependencies in `vendor/`\n\n## Usage\n\nThere is one main subcommand you will use: `dep ensure`. `ensure` first checks that `Gopkg.lock` is consistent with `Gopkg.toml` and the `import`s in your code. If any\nchanges are detected, `dep`'s solver works out a new `Gopkg.lock`. Then, `dep` checks if the contents of `vendor/` are what `Gopkg.lock` (the new one if applicable, else the existing one) says it should be, and rewrites `vendor/` as needed to bring it into line.\n\nIn essence, `dep ensure` [works in two phases to keep four buckets of state in sync](https://youtu.be/5LtMb090AZI?t=20m4s):\n\n\u003cimg width=\"463\" alt=\"states-flow\" src=\"https://user-images.githubusercontent.com/21599/29223886-22dd2578-7e96-11e7-8b51-3637b9ddc715.png\"\u003e\n\n\n_Note: until we ship [vendor verification](https://github.com/golang/dep/issues/121), we can't efficiently perform the `Gopkg.lock` \u003c-\u003e `vendor/` comparison, so `dep ensure` unconditionally regenerates all of `vendor/` to be safe._\n\n`dep ensure` is safe to run early and often. See the help text for more detailed\nusage instructions.\n\n```sh\n$ dep help ensure\n```\n\n### Installing dependencies\n\n(if your `vendor/` directory isn't [checked in with your code](docs/FAQ.md#should-i-commit-my-vendor-directory))\n\n\u003c!-- may change with https://github.com/golang/dep/pull/489 --\u003e\n\n```sh\n$ dep ensure\n```\n\nIf a dependency already exists in your `vendor/` folder, dep will ensure it\nmatches the constraints from the manifest. If the dependency is missing from\n`vendor/`, the latest version allowed by your manifest will be installed.\n\n### Adding a dependency\n\n```sh\n$ dep ensure -add github.com/foo/bar\n```\n\nThis adds a version constraint to your `Gopkg.toml`, and updates `Gopkg.lock` and `vendor/`. Now, import and use the package in your code! ✨\n\n`dep ensure -add` has some subtle behavior variations depending on the project or package named, and the state of your tree. See `dep ensure -examples` for more information.\n\n### Changing dependencies\n\nIf you want to:\n\n* Change the allowed `version`/`branch`/`revision`\n* Switch to using a fork\n\nfor one or more dependencies, do the following:\n\n1. Manually edit your `Gopkg.toml`.\n1. Run\n\n    ```sh\n    $ dep ensure\n    ```\n\n### Checking the status of dependencies\n\nRun `dep status` to see the current status of all your dependencies.\n\n```sh\n$ dep status\nPROJECT                             CONSTRAINT     VERSION        REVISION  LATEST\ngithub.com/Masterminds/semver       branch 2.x     branch 2.x     139cc09   c2e7f6c\ngithub.com/Masterminds/vcs          ^1.11.0        v1.11.1        3084677   3084677\ngithub.com/armon/go-radix           *              branch master  4239b77   4239b77\n```\n\nOn top of that, if you have added new imports to your project or modified `Gopkg.toml` without running `dep ensure` again, `dep status` will tell you there is a mismatch between `Gopkg.lock` and the current status of the project.\n\n```sh\n$ dep status\nLock inputs-digest mismatch due to the following packages missing from the lock:\n\nPROJECT                         MISSING PACKAGES\ngithub.com/Masterminds/goutils  [github.com/Masterminds/goutils]\n\nThis happens when a new import is added. Run `dep ensure` to install the missing packages.\n```\n\nAs `dep status` suggests, run `dep ensure` to update your lockfile. Then run `dep status` again, and the lock mismatch should go away.\n\n### Visualizing dependencies\n\nGenerate a visual representation of the dependency tree by piping the output of `dep status -dot` to [graphviz](http://www.graphviz.org/).\n#### Linux\n```\n$ sudo apt-get install graphviz\n$ dep status -dot | dot -T png | display\n```\n#### MacOS\n```\n$ brew install graphviz\n$ dep status -dot | dot -T png | open -f -a /Applications/Preview.app\n```\n#### Windows\n```\n\u003e choco install graphviz.portable\n\u003e dep status -dot | dot -T png -o status.png; start status.png\n```\n\u003cp align=\"center\"\u003e\u003cimg src=\"docs/img/StatusGraph.png\"\u003e\u003c/p\u003e\n\n### Updating dependencies\n\nUpdating brings the version of a dependency in `Gopkg.lock` and `vendor/` to the latest version allowed by the constraints in `Gopkg.toml`.\n\nYou can update just a targeted subset of dependencies (recommended):\n\n```sh\n$ dep ensure -update github.com/some/project github.com/other/project\n$ dep ensure -update github.com/another/project\n```\n\nOr you can update all your dependencies at once:\n\n```sh\n$ dep ensure -update\n```\n\n\"Latest\" means different things depending on the type of constraint in use. If you're depending on a `branch`, `dep` will update to the latest tip of that branch. If you're depending on a `version` using [a semver range](#semantic-versioning), it will update to the latest version in that range.\n\n### Removing dependencies\n\n1. Remove the `import`s and all usage from your code.\n1. Remove `[[constraint]]` rules from `Gopkg.toml` (if any).\n1. Run\n\n    ```sh\n    $ dep ensure\n    ```\n\n### Testing changes to a dependency\n\nMaking changes in your `vendor/` directory directly is not recommended, as dep\nwill overwrite any changes. Instead:\n\n1. Delete the dependency from the `vendor/` directory.\n\n    ```sh\n    rm -rf vendor/\u003cdependency\u003e\n    ```\n\n1. Add that dependency to your `GOPATH`, if it isn't already.\n\n    ```sh\n    $ go get \u003cdependency\u003e\n    ```\n\n1. Modify the dependency in `$GOPATH/src/\u003cdependency\u003e`.\n1. Test, build, etc.\n\nDon't run `dep ensure` until you're done. `dep ensure` will reinstall the\ndependency into `vendor/` based on your manifest, as if you were installing from\nscratch.\n\nThis solution works for short-term use, but for something long-term, take a look\nat [virtualgo](https://github.com/GetStream/vg).\n\nTo test out code that has been pushed as a new version, or to a branch or fork,\nsee [changing dependencies](#changing-dependencies).\n\n## Semantic Versioning\n\n`dep ensure` uses an external [semver library](https://github.com/Masterminds/semver) to interpret the version constraints you specify in the manifest. The comparison operators are:\n\n* `=`: equal\n* `!=`: not equal\n* `\u003e`: greater than\n* `\u003c`: less than\n* `\u003e=`: greater than or equal to\n* `\u003c=`: less than or equal to\n* `-`: literal range. Eg: 1.2 - 1.4.5 is equivalent to \u003e= 1.2, \u003c= 1.4.5\n* `~`: minor range. Eg: ~1.2.3 is equivalent to \u003e= 1.2.3, \u003c 1.3.0\n* `^`: major range. Eg: ^1.2.3 is equivalent to \u003e= 1.2.3, \u003c 2.0.0\n* `[xX*]`: wildcard. Eg: 1.2.x is equivalent to \u003e= 1.2.0, \u003c 1.3.0\n\nYou might, for example, include a constraint in your manifest that specifies `version = \"=2.0.0\"` to pin a dependency to version 2.0.0, or constrain to minor releases with: `version = \"2.*\"`. Refer to the [semver library](https://github.com/Masterminds/semver) documentation for more info.\n\n**Note**: When you specify a version *without an operator*, `dep` automatically uses the `^` operator by default. `dep ensure` will interpret the given version as the min-boundary of a range, for example:\n\n* `1.2.3` becomes the range `\u003e=1.2.3, \u003c2.0.0`\n* `0.2.3` becomes the range `\u003e=0.2.3, \u003c0.3.0`\n* `0.0.3` becomes the range `\u003e=0.0.3, \u003c0.1.0`\n\n## Feedback\n\nFeedback is greatly appreciated.\nAt this stage, the maintainers are most interested in feedback centered on the user experience (UX) of the tool.\nDo you have workflows that the tool supports well, or doesn't support at all?\nDo any of the commands have surprising effects, output, or results?\nPlease check the existing issues and [FAQ](docs/FAQ.md) to see if your feedback has already been reported.\nIf not, please file an issue, describing what you did or wanted to do, what you expected to happen, and what actually happened.\n\n## Contributing\n\nContributions are greatly appreciated.\nThe maintainers actively manage the issues list, and try to highlight issues suitable for newcomers.\nThe project follows the typical GitHub pull request model.\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for more details.\nBefore starting any work, please either comment on an existing issue, or file a new one.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapprentice3d%2Fdep","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapprentice3d%2Fdep","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapprentice3d%2Fdep/lists"}