When you build a project that depends on Raiku packages, the index will continue to receive updates — new versions, changed hashes, and new packages. Without a lock file, runningDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/SGizek/Raiku/llms.txt
Use this file to discover all available pages before exploring further.
raiku install on a different machine or at a later date might silently pick up a newer version of a dependency and produce a different build. raiku.lock solves this by recording the exact version, language, repository path, SHA-256 hash, and install timestamp for every package at the moment you install it. Committing raiku.lock to source control means anyone who checks out your project can recreate the exact same environment.
Generating a Lock File
Pass--lock to any raiku install command to write or update raiku.lock in the current directory:
raiku.lock does not exist it is created automatically. If it already exists, the new package entry is merged in (or the existing entry is updated if the package was already locked at a different version). The file’s generated_at timestamp is refreshed on every write.
You can lock multiple packages in a single session by passing --lock to each install command, or by installing with --lock after every raiku install call in your setup script:
The raiku.lock Format
raiku.lock is a plain JSON file. Here is a representative example:
| Field | Type | Description |
|---|---|---|
lock_version | string | Schema version of the lock file format (currently "1") |
generated_at | integer | Unix timestamp of the last write |
packages | object | Map of package name → lock entry |
packages.<name>.version | string | Exact version that was installed |
packages.<name>.language | string | Language ecosystem (e.g. "Python", "Go") |
packages.<name>.path | string | Repository-relative path used to fetch the package |
packages.<name>.sha256 | string | SHA-256 hash of the package’s raiku.toml at install time |
packages.<name>.installed_at | integer | Unix timestamp when this entry was written |
Installing from a Lock File
raiku from-lock reads raiku.lock in the current directory and installs each recorded package at its locked version and hash. Because the SHA-256 is checked against the value in the lock file rather than just the live index, this command provides a stronger reproducibility guarantee than a plain raiku install: if the index changes between your original install and the restore, the hash mismatch will be caught and reported.
When to Commit raiku.lock
Commitraiku.lock when:
- You want CI/CD pipelines to use the same packages as your development machine.
- You are sharing a project with collaborators.
- You are deploying an application and need to guarantee a known-good dependency set.
- You want to be able to bisect regressions by comparing lock files across commits.
raiku.lock deliberately by re-running raiku install <package> --lock after a manual raiku update, so the lock always reflects a conscious decision rather than an accidental drift.
Relationship with Version Pins
Lock files and version pins are complementary but distinct mechanisms:| Mechanism | Where stored | What it controls |
|---|---|---|
raiku.lock | Project directory (committed to repo) | Records exact versions and hashes for reproducible restores |
~/.raiku/pins.json | User’s home directory | Prevents raiku update --all from upgrading specific packages |
raiku update --all never upgrades it, and keep raiku.lock committed so team members always start from the same baseline.