Package Management Guide (doc) #502

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Closed

jimkring wants to merge 2 commits into ziglang:main from jimkring:package-management-doc

+742 −0

jimkring commented Jul 15, 2025

This PR adds a package management guide.

it’s currently in .md format and will be converted to .smd once technical and structural aspects are finalized.

jimkring added 2 commits

July 14, 2025 20:56


          Create package-management.md

ef04e8e


          Merge branch 'ziglang:main' into package-management-doc

72b8acc

jimkring marked this pull request as draft

July 15, 2025 00:59

Author

jimkring commented Jul 15, 2025

@nektro since I believe you are well informed about zig’s package management, I would love your feedback—all good either way.

linusg reviewed

View reviewed changes

linusg left a comment

Given the consistent use of Zig version 0.11.0 (latest is 0.14.1), APIs/manifest format that no longer exist, and lengthy generic "best practices" at the end I suspect this was AI generated.

content/en-US/learn/package-management.md

    
              .dependencies = .{

                  .lodash = .{

                      .url = "https://example.com/lodash-4.17.21.tar.gz",

                      .hash = "12203f48c6cf5de9a2d4558209f72b18e2c9f3f8e6c6f71450628dffbfce00b40", // Always gets EXACTLY this code

linusg Jul 15, 2025

This is an old-style hash.

content/en-US/learn/package-management.md

    
              ### What Makes Zig’s Package Manager Different?

              Most package managers rely on central registries and version numbers to manage dependencies. Zig takes a fundamentally different approach: it’s **decentralized** and **content-addressed**.

linusg Jul 15, 2025

Pretty much all modern package managers have lock files so the comparison below doesn't make much sense. The version / resolved / integrity fields in an npm package-lock.json basically match what build.zig.zon does.

content/en-US/learn/package-management.md

    
              ### The Package Manifest

              Every Zig project with dependencies has a `build.zig.zon` file that serves as the package manifest. This file defines:

linusg Jul 15, 2025

Zig projects that use git submodules or third-party package managers like zigmod (unfortunately) still exist in the wild. I don't think those should be covered in official docs but as worded this isn't true.

content/en-US/learn/package-management.md

    
                  const exe = b.addExecutable(.{

                      .name = "my-app",

                      .root_source_file = b.path("src/main.zig"),

linusg Jul 15, 2025

This API no longer exists

content/en-US/learn/package-management.md

Comment on lines +114 to +116

    
                  .name = "my-project",

                  .version = "0.1.0",

                  .minimum_zig_version = "0.11.0",

linusg Jul 15, 2025

This is missing a fingerprint

content/en-US/learn/package-management.md

    
              **For Teams:**

              1. **Version Control**: Always commit `build.zig.zon` to your repository

              1. **Never Commit Cache**: Add `zig-cache/` to `.gitignore`

linusg Jul 15, 2025

zig-cache no longer exists

Author

jimkring commented Jul 15, 2025

@linusg thanks for the review. I did use Claude/Gemini to review it, which I think is helpful. I'm new to zig so some of the technical specifics are beyond my knowledge. I will hand polish the overly-verbose bits.

Member

andrewrk commented Jul 15, 2025

No LLM/AI Policy

andrewrk closed this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet