# golang/dep

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/golang-dep).**

12,737 stars · 1,030 forks · Go · BSD-3-Clause · archived

## Links

- GitHub: https://github.com/golang/dep
- Homepage: https://golang.github.io/dep/
- awesome-repositories: https://awesome-repositories.com/repository/golang-dep.md

## Topics

`dependency-manager` `golang` `package-manager` `toolchain`

## Description

This project is a dependency management tool for Go designed to track and lock package versions to ensure reproducible builds across different environments. It functions as a version lock file manager, recording complete snapshots of the dependency graph to prevent version drift, and as a semantic version constraint resolver that calculates compatible package versions.

The tool orchestrates a local vendor directory, mirroring external source code to enable offline builds and source auditing. It utilizes a combination of static analysis to discover required libraries and a logic engine to intersect semantic version ranges and revisions.

Broad capability areas include dependency synchronization, integrity verification through hashing, and the management of remote repository caches. It also provides utilities for dependency tree visualization, version updating, and forced versioning to resolve conflicts between direct and transitive dependencies.

## Tags

### Development Tools & Productivity

- [Deterministic Dependency Locking](https://awesome-repositories.com/f/development-tools-productivity/reproducible-build-environments/deterministic-dependency-locking.md) — Uses lockfiles to record a transitively complete snapshot of the dependency graph to ensure identical builds across environments. ([source](https://golang.github.io/dep/docs/Gopkg.lock.html))
- [Dependency Constraints](https://awesome-repositories.com/f/development-tools-productivity/dependency-constraints.md) — Provides mechanisms for defining version compatibility rules and requirements to filter and lock dependencies. ([source](https://golang.github.io/dep/docs/daily-dep.html))
- [Constraint Resolvers](https://awesome-repositories.com/f/development-tools-productivity/dependency-constraints/constraint-resolvers.md) — Calculates a compatible set of project versions by intersecting semantic version ranges and revisions across the dependency graph. ([source](https://golang.github.io/dep/docs/the-solver.html))
- [Dependency Vendors](https://awesome-repositories.com/f/development-tools-productivity/dependency-managers/installation-resolution-utilities/dependency-installers/dependency-download-optimizers/dependency-vendors.md) — Archives external dependency source code locally to support offline builds and source auditing.
- [Source Vendoring](https://awesome-repositories.com/f/development-tools-productivity/dependency-managers/package-registry-integrations/external-server-package-registries/source-vendoring.md) — Implements source vendoring by fetching and storing third-party source code locally for offline builds.
- [Dependency Tracking](https://awesome-repositories.com/f/development-tools-productivity/dependency-tracking.md) — Tracks specific versions of external packages in configuration files to maintain environment consistency. ([source](https://golang.github.io/dep/docs/introduction.html))
- [Dependency Source Mirroring](https://awesome-repositories.com/f/development-tools-productivity/directory-structure-mirroring/dependency-source-mirroring.md) — Mirrors external source code into a local vendor directory to enable offline builds and source auditing.
- [Version Constraints](https://awesome-repositories.com/f/development-tools-productivity/version-constraints.md) — Implements logic to resolve compatible package versions by intersecting semantic version ranges and git revisions.
- [Go Version Resolution](https://awesome-repositories.com/f/development-tools-productivity/version-constraints/go-version-resolution.md) — Defines semantic version ranges and overrides to resolve conflicts between direct and transitive Go dependencies.
- [Repository Cache Managers](https://awesome-repositories.com/f/development-tools-productivity/git-repository-integrators/git-repository-integrators/repository-cache-managers.md) — Maintains a local cache of pristine remote repository clones to avoid redundant network requests.
- [Upstream Source Caching](https://awesome-repositories.com/f/development-tools-productivity/upstream-source-caching.md) — Maintains a pristine set of remote repository clones in a dedicated local directory to avoid polluting the global workspace. ([source](https://golang.github.io/dep/docs/glossary.html))

### DevOps & Infrastructure

- [Dependency Lock Files](https://awesome-repositories.com/f/devops-infrastructure/configuration-management/file-based-configuration/dependency-lock-files.md) — Records a complete transitive dependency graph in a lock file to ensure identical builds across environments.
- [Go Module Organization](https://awesome-repositories.com/f/devops-infrastructure/dependency-management/environment-scoping-controls/linked-dependency-management/module-based-dependency-managers/go-module-organization.md) — Manages Go code modules, dependencies, and versioning to ensure reproducible builds across environments.
- [Resolvable Version Verifiers](https://awesome-repositories.com/f/devops-infrastructure/version-control-automation/commit-based-versioning-engines/latest-version-identification/resolvable-version-verifiers.md) — Finds the newest compatible version of a dependency that satisfies all intersecting semantic version ranges.
- [Package Content Validation](https://awesome-repositories.com/f/devops-infrastructure/package-metadata/integrity-validators/package-content-validation.md) — Ensures imported packages contain valid files and pass basic parsing to prevent build failures. ([source](https://golang.github.io/dep/docs/the-solver.html))
- [Dependency Version Updates](https://awesome-repositories.com/f/devops-infrastructure/version-upgrades/dependency-versioning/dependency-version-updates.md) — Provides utilities for refreshing pinned package versions to the latest compatible releases based on defined constraints. ([source](https://golang.github.io/dep/docs/daily-dep.html))
- [Version Overrides](https://awesome-repositories.com/f/devops-infrastructure/version-upgrades/dependency-versioning/version-overrides.md) — Allows superseding all other constraints for direct and transitive dependencies to resolve version conflicts. ([source](https://golang.github.io/dep/docs/Gopkg.toml.html))

### Programming Languages & Runtimes

- [Go Dependency Managers](https://awesome-repositories.com/f/programming-languages-runtimes/go-dependency-managers.md) — Provides comprehensive tracking and locking of external Go package versions for reproducible builds.
- [Import Path Mapping](https://awesome-repositories.com/f/programming-languages-runtimes/import-path-mapping.md) — Maps import paths to physical repository URLs using static host rules and HTTP requests.
- [Import Path Resolution](https://awesome-repositories.com/f/programming-languages-runtimes/import-path-resolution.md) — Determines the correct source root for an import path using a combination of static patterns and dynamic network requests. ([source](https://golang.github.io/dep/docs/glossary.html))
- [Repository Root Identification](https://awesome-repositories.com/f/programming-languages-runtimes/repository-root-identification.md) — Identifies the base repository URL from an import path using static host rules or dynamic HTTP requests. ([source](https://golang.github.io/dep/docs/deduction.html))

### Software Engineering & Architecture

- [Dependency and Configuration Synchronization](https://awesome-repositories.com/f/software-engineering-architecture/project-asset-synchronizers/dependency-and-configuration-synchronization.md) — Aligns import statements, configuration files, and the vendor directory to ensure all required dependencies are consistent. ([source](https://golang.github.io/dep/docs/glossary.html))
- [Vendor Integrity Verification](https://awesome-repositories.com/f/software-engineering-architecture/dependency-maintenance/vendored-code-maintenance/vendor-integrity-verification.md) — Hashes the contents of the local vendor directory and compares them against a lockfile to ensure code remains unchanged. ([source](https://golang.github.io/dep/docs/glossary.html))
- [Dependency Inference](https://awesome-repositories.com/f/software-engineering-architecture/project-management-governance/project-management/open-source-governance/project-management/project-initializations/dependency-inference.md) — Analyzes existing source code to automatically infer required libraries and generate an initial dependency lock file.

### Testing & Quality Assurance

- [Dependency Discovery](https://awesome-repositories.com/f/testing-quality-assurance/static-code-analysis/dependency-discovery.md) — Scans source code imports to automatically infer required external packages and their initial versions.

### Security & Cryptography

- [Integrity Verifications](https://awesome-repositories.com/f/security-cryptography/security/cryptography-and-secrets/cryptographic-primitives-management/cryptographic-hash-computations/data-integrity-identifiers/integrity-verifications.md) — Verifies the integrity of the local vendor directory using cryptographic hashes to detect unauthorized modifications.

### Part of an Awesome List

- [Package Management](https://awesome-repositories.com/f/awesome-lists/devtools/package-management.md) — Dependency management tool for Go.