Lockfiles are an unnecessary complication in dependency management. The author argues that proper dependency management should use exact version specifications rather than version ranges, which makes builds deterministic without requiring a lockfile. Maven's 20-year success without lockfiles demonstrates that this approach works at scale. Version ranges make builds non-reproducible by letting the resolved dependencies change with the time of the build rather than the time of publication, which undermines the very purpose lockfiles are meant to serve.
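As an added illustration (not code from the article summarized here), the following constructed simulation resolves an exact pin and a caret range against a registry whose contents grow over time; the package name libfoo, its versions and publish dates are all made up.

```python
"""Simulate why a version range resolves differently depending on build
date while an exact pin does not. The registry is constructed for this
example and does not correspond to any real package."""
from datetime import date

# Constructed registry: package -> [(version tuple, publish date)]
REGISTRY = {
    "libfoo": [
        ((1, 2, 0), date(2023, 1, 10)),
        ((1, 2, 5), date(2023, 6, 1)),
        ((1, 3, 0), date(2024, 2, 15)),
        ((2, 0, 0), date(2024, 9, 1)),
    ]
}

# Constructed build dates: the same project built four times over two years
BUILD_DATES = [date(2023, 3, 1), date(2023, 12, 1),
               date(2024, 6, 1), date(2025, 1, 1)]


def parse_version(text):
    return tuple(int(part) for part in text.split("."))


def matches(spec, version):
    """Exact spec "1.2.0" matches only that version; caret spec "^1.2.0"
    matches >=1.2.0 and <2.0.0 (npm-style caret for a major > 0)."""
    if spec.startswith("^"):
        low = parse_version(spec[1:])
        return low <= version < (low[0] + 1, 0, 0)
    return version == parse_version(spec)


def resolve(package, spec, build_date):
    """Highest version already published at build_date that satisfies spec,
    as a string; None when nothing matches."""
    candidates = [v for v, published in REGISTRY[package]
                  if published <= build_date and matches(spec, v)]
    return ".".join(map(str, max(candidates))) if candidates else None


def reproducible(package, spec, dates):
    """True if every build date resolves to the same version."""
    return len({resolve(package, spec, d) for d in dates}) == 1


if __name__ == "__main__":
    for spec in ("1.2.0", "^1.2.0"):
        picks = [resolve("libfoo", spec, d) for d in BUILD_DATES]
        print(spec, picks, "reproducible:", reproducible("libfoo", spec, BUILD_DATES))
```

The exact pin yields the same version on every build date, while the caret range silently picks up 1.2.5 and then 1.3.0 as they are published, which is exactly the drift a lockfile is introduced to freeze.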