Go: Package Management Survey Results 2016

Go Dependency Management Survey Cover

A couple months ago we held a survey of Go package management needs, likes, dislikes, and so forth. From this survey we collected lots of great information with some confirmations and some surprises.

Since the survey closed data and roll-ups from the survey have been sent to the package management committee which has now released a draft spec for a new tool.

The results of the survey were promised to be publicly shared. You can read the results in Google Docs.

Some things that caught my attention (warning, this is my opinion and observation):

  • There was a fairly even split between those who work at an enterprise and those who work at a startup. I like seeing a dataset that's not one sided.
  • More than 90% of those who took the survey want easy updating, package versioning (releases), and a tool to do the updating for them. A majority (besting the 80/20 rule) support Semantic Versions.
  • Users need to deal with private packages and forks (without import statement rewriting).
  • Many users want a tool to work out an ideal version of all their dependencies for them.
  • Locating and using CVEs (or like information) and being able to easily contact owners (both needed for security) were considered important.

Put simply, it appears folks want many of the package management features available in other languages. Of course, they want them to be in a Go style rather then a direct copy of any one of them.

Please take a look at the data for yourself. Especially the requirements which have simple graphs to see the results.