packdeps

One important part of maintaining software is keeping up with the new releases of dependencies. I use the packdeps utility to check the dependencies of my Haskell projects. The web service provides RSS/Atom feeds for packages that are in Hackage, and a CLI can be used to check the dependencies of packages that are not in Hackage.

I currently only publish packages that are useful as libraries to Hackage. I prefer to update these packages quickly when a new major version of a dependency is released. I usually check my RSS feeds twice per day, so the notifications provided by the web service allow me to discover dependency releases in a timely manner.

My utility packages are currently not in Hackage. I use the CLI to discover dependency releases for these packages, using the following script:

#!/usr/bin/env bash

find . -type f -name '*.cabal' \
  | sort \
  | xargs packdeps --preferred --quiet

My public projects are cloned into my ~/projects/public directory, and I execute the above script from that directory to check those projects. The packdeps command is run against all .cabal files below the current directory, in sorted order. The --preferred option makes packdeps only consider preferred versions of packages. For example, the latest release (2.7.0.0) of the network-uri package has been explicitly deprecated, so it should not be considered. The --quiet option suppresses output for packages that can accept the newest releases of all dependencies.

There are a few issues, however. The utility is implemented using the Cabal library, and the latest release only supports Cabal >=3.2 && <3.3, which means that it only works with GHC 8.10. The utility also expects the Hackage database to be under ~/.cabal, so it does not work for Stack users. It would be nice if it could read the Hackage database from ~/.stack/pantry/hackage as well, or at least provide an option to allow users to specify which database to load. (The hackage-db API exposes a readTarball function!)