dnu restore --un/lock feels weird

[bricelam]

The whole dnu restore --lock / --unlock usage feels weird. (As manifest in #1297)

In most other package managers, there at two commands: install & update

• update will update (or restore) the dependencies to the latest versions. i.e. It ignores versions in the lock file and updates them to the latest.
• install will look at the lock file and restore any missing (previously installed) dependencies to the locked version. For new dependencies, it will install the latest version and update the lock file.

I would love to see the behavior split out in this fashion as opposed to the current lock and unlock switches.

[davidfowl]

I agree lock and unlock being weird. As for update, it would only apply for version ranges as we don't do highest version and I don't see us doing that. So far we've stayed away from commands that modify the project.json file and instead lean towards a simple workflow where you edit the project.json file and run some command to produce the new lock file.

Given that, the workflow I'm leaning towards is something like this:

1. Add/Change some dependencies to project.json
2. Run dnu restore to produce the project.lock.json with closure of deps
3. Edit project.json
4. Go to 1.

The workflow we need to flesh out is the one that lets you lock and update that file when you make changes to the project.json file.

[muratg]

The current bug that tracks this is here: #2332. Closing this one.