Manifest (Proto.toml) vs Lockfile (Proto.lock)
Manifest – Proto.toml
Purpose: The Manifest (Proto.toml) serves as a specification file
for the current package. It includes metadata, dependencies, and other
package-related information.
Contents:
- Package Name: A unique name for the package.
- Version: Specifies the package version.
- Type: Specifies the type of this package (see Package Types).
- Description: Provides a brief description of the package.
- Metadata: Additional metadata like package category, tags, and any other relevant package details.
- Dependencies: Contains package names, version constraints, registry locations etc of the dependencies of the current package.
Usage: The Proto.toml is used to define the package's characteristics,
metadata, and its dependencies, making it a comprehensive specification format.
This file is included in compressed package artefacts and distributed
alongside. For a usage guide see Creating A New
Package.
Lockfile – Proto.lock
Purpose: The Lockfile (Proto.lock) is a separate, autogenerated and
automanaged, file that records the exact versions of packages, including their
transitive dependencies, which have been successfully resolved and installed.
Contents: It contains a detailed record of the package versions used, the registry or package source used during the installation and cryptographic hashes to ensure package integrity.
Usage: The lockfile is crucial for ensuring the reproducibility of installations. It guarantees that the same package versions are installed, regardless of changes in the upstream package registry, ensuring consistency across different installations.