# 2.1 Go依赖管理工具dep > Go dependency management tool > > ## 环境要求 > > * Golang >= 1.9 > * Dep ## 目前版本: ``` dep: version : devel build date : git hash : go version : go1.10 go compiler : gc platform : linux/amd64 ``` `Latest release`为`v0.4.1` ## 安装 ``` go get -u github.com/golang/dep/cmd/dep ``` 若`$GOPATH/bin`不在`PATH`下,则需要将生成的`dep`文件从`$GOPATH/bin`移动至`$GOBIAN`下 ## 验证 ``` $ dep Dep is a tool for managing dependencies for Go projects Usage: "dep [command]" Commands: init Set up a new Go project, or migrate an existing one status Report the status of the project's dependencies ensure Ensure a dependency is safely vendored in the project prune Pruning is now performed automatically by dep ensure. version Show the dep version information Examples: dep init set up a new project dep ensure install the project's dependencies dep ensure -update update the locked versions of all dependencies dep ensure -add github.com/pkg/errors add a dependency to the project Use "dep help [command]" for more information about a command. ``` ## 初始化 在项目根目录执行初始化命令,`dep`在初始化时会分析应用程序所需要的所有依赖包,得出依赖包清单 并生成`vendor`目录,`Gopkg.toml`、`Gopkg.lock`文件 ![image](https://golang.github.io/dep/docs/assets/func-toggles.png) ### 默认初始化 ``` $ dep init -v ``` 直接从对应网络资源处下载 ### 优先从$GOPATH初始化 ``` $ dep init -gopath -v ``` 该命令会先从`$GOPATH`查找既有的依赖包,若不存在则从对应网络资源处下载 ### Gopkg.toml 该文件由`dep init`生成,包含管理`dep`行为的规则声明 ``` required = ["github.com/user/thing/cmd/thing"] ignored = [ "github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY" ] [metadata] key1 = "value that convey data to other systems" system1-data = "value that is used by a system" system2-data = "value that is used by another system" [[constraint]] # Required: the root import path of the project being constrained. name = "github.com/user/project" # Recommended: the version constraint to enforce for the project. # Note that only one of "branch", "version" or "revision" can be specified. version = "1.0.0" branch = "master" revision = "abc123" # Optional: an alternate location (URL or import path) for the project's source. source = "https://github.com/myfork/package.git" # Optional: metadata about the constraint or override that could be used by other independent systems [metadata] key1 = "value that convey data to other systems" system1-data = "value that is used by a system" system2-data = "value that is used by another system" ``` ### Gopkg.lock 该文件由`dep ensure`和`dep init`生成,包含一个项目依赖关系图的传递完整快照,表示为一系列`[[project]]`节 ``` # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. [[projects]] branch = "master" name = "github.com/golang/protobuf" packages = [ "jsonpb", "proto", "protoc-gen-go/descriptor", "ptypes", "ptypes/any", "ptypes/duration", "ptypes/struct", "ptypes/timestamp" ] revision = "bbd03ef6da3a115852eaf24c8a1c46aeb39aa175" ``` ## 常用命令 ### dep ensure 从项目中的`Gopkg.toml`和`Gopkg.lock`中分析关系图,并获取所需的依赖包 用于确保本地的关系图、锁、依赖包清单完全一致 ### dep ensure -add ``` # 引入该依赖包的最新版本 dep ensure -add github.com/pkg/foo # 引入具有特定约束(指定版本)的依赖包 dep ensure -add github.com/pkg/foo@^1.0.1 ``` ### dep ensure -update 将`Gopkg.lock`中的约定依赖项更新为`Gopkg.toml`允许的最新版本 ## 最后 目前`dep`还在官方试验阶段,但已表示生产可安全使用 如果出现什么问题,大家可以一起留个言讨论讨论 --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://eddycjy.gitbook.io/golang/di-2-ke-bao-guan-li/dep.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.