Library version lock file like npm

Hi,
I really appreciate how the libraries are handled by PIO, however I was wondering if there will be a mechanism to track which library version is really picked (just like package-lock.json for NPM), so I can share the exact configuration with my colleagues. Maybe there are already threads on this topic, but I didn’t find them…

In the best case all used libraries are stated in the platformio.ini. But there, dependencies of libraries or libraries that are contained in the framework (e.g. Arduino core) aren’t necessarily listed. All libraries are however shown in the “Dependency Graph” at the beginning of the build process. In any case, if all the used (top-level) libraries are stated in there, that is the file that is needed for reproduction of the project, as the platformio.ini is the main configuration file for the project.

I can agree with you, and the project already states all the top-level libraries in platformio.ini. However, given that the libraries are usually specified as library-name@^version, we are not sure to have the exact same version.

We can run pio lib update so each one is synced to the latest version. Of course libraries that match such rules are compatible, but there is no guarantee about that. Also I don’t like to block each library at a specific version, hardcoding it into platformio.ini.

Then in the semantic versioning expression, the expression library-name@version must be used to not allow minor and patch version updates. (See cheat sheet).

But that is then opposite to that above – if you choose to allow certain updates (of the major or minor or patch version), different semver expressions must be used, per sheet above.

I know the semantic version expression, and I know I can get both behaviors which I previously expressed with the actual implementation of PIO.

My issue is more about workflow, mindset and tidiness. I like npm style since it clearly separates the update rules expressed by the developer (package.json) and result of the computation of such rules (package-lock.json).

So I would ask if there are reasons to avoid this well-known style (except time and money for developing such features).

You can still file a feature request for that at Issues · platformio/platformio-core · GitHub, so that there’s e.g. a command to generate the lib_deps expression with the exact version of each used library (or the same in JSON format, but then it’ll be hard to re-use / import in the platformio.ini)
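
The exact-version listing suggested above can be approximated with a script. This is an added example, not code from the thread or from PlatformIO. It assumes installed libraries sit in one folder per library under a per-environment directory (for example `.pio/libdeps/<env>`), each carrying a `library.json` or `library.properties` manifest with `name` and `version`. The function names are hypothetical and the sample tree is constructed.

```python
import json
import tempfile
from pathlib import Path


def read_manifest(lib_dir: Path):
    """Return (name, version) from library.json or library.properties, else None."""
    manifest = lib_dir / "library.json"
    if manifest.is_file():
        data = json.loads(manifest.read_text(encoding="utf-8"))
        if data.get("name") and data.get("version"):
            return data["name"], data["version"]
    props = lib_dir / "library.properties"
    if props.is_file():
        fields = {}
        for line in props.read_text(encoding="utf-8").splitlines():
            key, sep, value = line.partition("=")
            if sep:
                fields[key.strip()] = value.strip()
        if fields.get("name") and fields.get("version"):
            return fields["name"], fields["version"]
    return None


def pinned_lib_deps(env_dir: Path):
    """Exact name@version specs for every library folder under env_dir."""
    pins, unresolved = [], []
    for lib_dir in sorted(p for p in env_dir.iterdir() if p.is_dir()):
        found = read_manifest(lib_dir)
        if found:
            pins.append(f"{found[0]}@{found[1]}")
        else:
            unresolved.append(lib_dir.name)  # no usable manifest: review by hand
    return sorted(pins), unresolved


def demo():
    """Build a constructed libdeps tree (not real packages) and pin it."""
    with tempfile.TemporaryDirectory() as tmp:
        env = Path(tmp)
        (env / "LibA").mkdir()
        (env / "LibA" / "library.json").write_text('{"name": "LibA", "version": "1.4.2"}')
        (env / "LibB").mkdir()
        (env / "LibB" / "library.properties").write_text("name=LibB\nversion=0.9.0\n")
        (env / "NoManifest").mkdir()
        return pinned_lib_deps(env)


if __name__ == "__main__":
    pins, unresolved = demo()
    print("lib_deps =\n" + "\n".join(f"    {p}" for p in pins))
    print("unresolved:", unresolved)
```

Committing the resulting list alongside platformio.ini and diffing it after each update shows which resolved versions changed, including libraries pulled in only as dependencies of other libraries.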