Pinned Dependencies
Pinning dependencies is a software development practice in which the specific versions of libraries, packages, or modules a project uses are explicitly locked in its dependency configuration files, such as package-lock.json for npm or Pipfile.lock for Python. This ensures that every installation or build uses exactly the same versions, preventing unexpected changes from upstream updates and promoting consistency across environments. It helps avoid 'dependency hell' by eliminating version conflicts and ensuring reproducible builds.
Developers should use pinned dependencies to maintain stability and reliability in production environments, especially for critical applications where unexpected behavior from dependency updates could cause failures or security vulnerabilities. It is essential in continuous integration/continuous deployment (CI/CD) pipelines to ensure that builds are deterministic and reproducible across different stages, from development to production. This practice is particularly valuable in large teams or open-source projects to prevent 'works on my machine' issues and facilitate debugging.
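The following script is an added example, not part of the original text, showing how a CI step can enforce the practice described above: it scans a pip requirements file for entries that are not pinned with an exact `==` version, and checks a npm package-lock.json for package entries that lack an `integrity` hash. A pinned version fixes which release is requested; the lockfile's integrity hash is what lets the installer verify that the artifact it actually downloaded is the one recorded, so both are worth checking. The two input samples are constructed inline for the demonstration (the hash values and registry URL are placeholders), and the function names `check_requirements` and `check_package_lock` are this example's own.

```python
"""Lint dependency manifests for unpinned or unverified entries.

Added example (not from the page). Inputs below are constructed samples.
"""
import json
import re

# Constructed sample: a requirements.txt as pip reads it. Only the first and
# last lines are exact pins; only the first also carries a hash (placeholder).
REQUIREMENTS_TXT = """\
# constructed example input
requests==2.31.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
urllib3>=1.26
flask
pyyaml~=6.0
click==8.1.7
"""

# Constructed sample: a fragment of an npm package-lock.json in the
# lockfileVersion 3 layout. The lodash entry deliberately omits "integrity".
PACKAGE_LOCK_JSON = json.dumps({
    "name": "demo",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "dependencies": {"left-pad": "^1.3.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.example/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-PLACEHOLDERPLACEHOLDERPLACEHOLDER",
        },
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.example/lodash/-/lodash-4.17.21.tgz",
        },
    },
})

# "name==version" is the only exact-pin form; ~=, >=, or a bare name are not.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")
NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def check_requirements(text):
    """Map each requirement name to 'pinned+hashed', 'pinned', or 'unpinned'."""
    result = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line or line.startswith("-"):  # skip blanks and pip options
            continue
        pinned = PIN_RE.match(line)
        if pinned:
            status = "pinned+hashed" if "--hash=" in line else "pinned"
            result[pinned.group(1).lower()] = status
        else:
            name = NAME_RE.match(line)
            if name:
                result[name.group(1).lower()] = "unpinned"
    return result


def check_package_lock(text):
    """Return the package-lock entries that carry no integrity hash."""
    lock = json.loads(text)
    missing = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":  # the root entry describes the project itself
            continue
        if "integrity" not in entry:
            missing.append(path)
    return missing


if __name__ == "__main__":
    for name, status in check_requirements(REQUIREMENTS_TXT).items():
        print(f"{name:12} {status}")
    for path in check_package_lock(PACKAGE_LOCK_JSON):
        print(f"no integrity hash: {path}")
```

In a pipeline, a non-empty list from either check would fail the build before the install step runs; for pip, the equivalent enforcement at install time is `pip install --require-hashes`, which refuses any requirement that lacks a hash.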