Dependency Management & Imports

Orvanta automates dependency resolution by parsing top-level imports without requiring manual manifest file management. The platform generates lockfiles during deployment to ensure consistent version execution across runs.

Key features

Automatic dependency resolution: Orvanta’s strength lies in its ability to run scripts without having to manage dependency manifest files directly, by automatically analyzing imports at deployment time.

Lockfile generation: When scripts deploy through the Web IDE, Orvanta creates lockfiles that pin dependency versions. If no version is specified, the latest version is used.

Performance optimization: Orvanta’s workers cache dependencies to ensure fast performance without the need to pre-package dependencies — most jobs take under 100ms end-to-end.

Enterprise caching: On enterprise editions, Orvanta’s caches can be configured to sync with a central S3 repository to distribute the cache across multiple workers.

Language-specific implementation

TypeScript/Bun: Dependencies resolve directly from script imports, supporting both unpinned (import { lib } from 'package') and versioned (import * as lib from 'package@version') formats.

Python: For Python scripts, Orvanta only considers top-level imports for automatic dependency installation. Imports inside functions, conditional blocks, or other nested scopes will not be detected.

Go: Dependencies embed in scripts with optional version pinning via //require comments.

PowerShell: Modules auto-install via Import-Module, with optional -RequiredVersion parameters. Supports Azure Artifacts feeds for private repositories.

R: Detects dependencies from library() and require() calls, resolving versions from CRAN with a 3-day cache TTL.

Local development

Scripts include three files:

• Content file (.py, .ts, .go, etc.)
• Metadata file (.yaml)
• Lockfile (.lock)

Use the orvanta generate-metadata CLI command to update lockfiles locally without manual editing.