Dependency Declarations
An InstallHub package can declare that it requires another package to be installed first. This enables composable, layered distribution — install a base package, then install extensions that depend on it.
Two Types of Dependencies
The manifest contains two distinct dependency concepts:
- Artifact dependencies (
dependencies[]) — the artifacts included within this bundle, their versions and hashes. These are auto-populated by the exporter from the dependency graph. - Package dependencies (
packageDependencies[]) — other InstallHub packages that must already be installed in the target tenant before this package can be installed. These are declared by the package author.
Package Dependencies — When to Use Them
Use packageDependencies when your package builds on top of another package:
- A workflow extension that adds steps to a base HR workflow defined in another package
- A custom form set that depends on entity schemas from a platform base package
- An industry vertical package that requires the BizFirstGO standard rules package
Package Dependency Schema
{
"packageDependencies": [
{
"packageName": "BizFirstGO.HRBase",
"minVersion": "1.0.0",
"maxVersion": "2.0.0"
},
{
"packageName": "BizFirstGO.NotificationTemplates",
"minVersion": "3.0.0"
// maxVersion omitted = no upper bound
}
]
}Version Range Rules
| Declaration | Satisfied By | Example |
|---|---|---|
minVersion: "1.0.0" only | 1.0.0 or higher | HRBase ≥ 1.0.0 |
minVersion: "1.0.0", maxVersion: "2.0.0" | 1.0.0 up to but not including 2.0.0 | HRBase ≥ 1.0.0 < 2.0.0 |
minVersion: "2.1.0", maxVersion: "2.2.0" | Exactly 2.1.x | HRBase ≥ 2.1.0 < 2.2.0 |
minVersion: "3.0.0", maxVersion: "3.0.1" | Exactly 3.0.0 | Pinned to a specific patch version |
maxVersion: "2.0.0" means "less than 2.0.0" — it does not include 2.0.0 itself. This follows npm/NuGet convention where major bumps break compatibility.
Dependency Validation on Import
When the import engine processes a package, it checks all packageDependencies against the packages currently installed in the target tenant:
// Import blocked — missing dependency:
{
"error": "MissingPackageDependency",
"message": "Package 'EmployeeOnboarding-Extension' requires 'BizFirstGO.HRBase' >= 1.0.0, but it is not installed in this tenant.",
"missingDependencies": [
{
"packageName": "BizFirstGO.HRBase",
"requiredMinVersion": "1.0.0",
"installedVersion": null
}
]
}
// Import blocked — version mismatch:
{
"error": "IncompatiblePackageDependency",
"message": "Package 'EmployeeOnboarding-Extension' requires 'BizFirstGO.HRBase' >= 1.0.0 < 2.0.0, but the installed version is 2.1.0.",
"incompatibleDependencies": [
{
"packageName": "BizFirstGO.HRBase",
"requiredRange": ">= 1.0.0 < 2.0.0",
"installedVersion": "2.1.0"
}
]
}Artifact Dependencies vs. Package Dependencies
Understanding the difference is important:
| Type | Purpose | Auto or Manual | Must Be Pre-installed? |
|---|---|---|---|
Artifact dependencies (dependencies[]) |
Lists what is inside this bundle | Auto-generated by exporter | No — they are installed by this package |
Package dependencies (packageDependencies[]) |
External packages required | Manually declared by author | Yes — must be installed before this package |
Transitive Package Dependencies
Package dependencies are not automatically transitive. If Package A depends on Package B, and Package B depends on Package C, the import engine requires both B and C to be installed before A — but it is the author's responsibility to declare B in Package A's packageDependencies. The engine does not automatically follow the dependency chain.
Platform Version Dependency
In addition to package dependencies, the manifest's platformVersion field acts as an implicit dependency on the BizFirstGO platform version. The import engine warns if the target platform is older than the source platform version.