Piece of Cake Dependency Management in Ruby

I just stumbled across Francis Hwang’s urirequire library, via _why, and I just had one of those ‘why didn’t I come up with this?’ moments.

If you haven’t played with Ruby yet, or just don’t feel like clicking the link, here’s what it does: at every require (which has similar mechanics to its Java and Python import counterparts) that starts with http://, https:// or ftp://, it fetches the contents of the remote file and eval()s them. It actually overwrites the standard require method, and this way it can load any Ruby script that it can reach and just use it, instantly.

There are, of course, very serious security implications with running remote code just like that. But keeping in mind that we have Ruby’s tainting mechanism, and that with just a one-line change to one of the regexes used we can have code that’s only loaded from trusted (or local) servers, the safety part of it can be reasonably covered. Of course, if you want to get serious about it, code signing might be the best option, and I don’t see any technical impediments to that.
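A sketch of those two safeguards together, restricting sources to trusted servers and verifying a signature before anything is eval()ed; this is an added example, not code from urirequire. The host name, the constants and the helpers `trusted_source?` and `verified_source` are hypothetical, and the key, script and signature are constructed inline so it runs offline.

```ruby
require "openssl"
require "uri"

# Hypothetical allowlist of hosts permitted to serve code (assumption).
TRUSTED_HOSTS = %w[code.example.internal].freeze

# Parse the URL instead of prefix-matching it, so look-alike hosts and
# userinfo tricks do not pass. Only https from an allowlisted host is accepted.
def trusted_source?(url)
  uri = URI.parse(url)
  uri.scheme == "https" && TRUSTED_HOSTS.include?(uri.host)
rescue URI::InvalidURIError
  false
end

# Return the script body only if it came from a trusted URL and the detached
# signature verifies against the publisher's public key; raise otherwise.
def verified_source(url, body, signature, public_key)
  raise SecurityError, "untrusted source: #{url}" unless trusted_source?(url)
  unless public_key.verify(OpenSSL::Digest.new("SHA256"), signature, body)
    raise SecurityError, "signature check failed: #{url}"
  end
  body
end

# Constructed sample data: a throwaway publisher key, script and signature.
# In real use the body and signature are fetched and the public key is pinned locally.
PUBLISHER_KEY = OpenSSL::PKey::RSA.new(2048)
PINNED_PUBLIC_KEY = PUBLISHER_KEY.public_key
SAMPLE_URL = "https://code.example.internal/lib/greeting.rb"
SAMPLE_BODY = %(REMOTE_LIB_VERSION = "1.0"\n)
SAMPLE_SIG = PUBLISHER_KEY.sign(OpenSSL::Digest.new("SHA256"), SAMPLE_BODY)

# Evaluate only after both checks pass.
eval(verified_source(SAMPLE_URL, SAMPLE_BODY, SAMPLE_SIG, PINNED_PUBLIC_KEY),
     TOPLEVEL_BINDING, SAMPLE_URL)
puts REMOTE_LIB_VERSION
```

Taint tracking is no longer available in current Ruby releases, so here the allowlist and the signature check are what stand between the fetched bytes and eval.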

Essentially, we have the most interesting bit of Maven, the downloading of dependencies, automatically built in. Want everything running on the bleeding edge? Point the require to a ViewCVS HEAD page, like this one for urirequire. Want to use a specific version? No worries - point it to a different ViewCVS page. Or have servers seamlessly bootstrapping their installation and configuration from a central location, Java WebStart-like desktop applications updating at start-up, WebService client libraries delivered by the server on demand. There are so many interesting things that can be done with this.

Certainly, most of them have indeed been done before, but not with the same flair, not with the same piece-of-cakeness to it.