Details

Name: install
Alias: i
Arguments:

1. In case of global (-g, --global) and local vr-powered installations

$ vr install [-g, --global] [-r, --reload] <specifier> # Where specifier = [registry:]<package>[@version]
# IE
$ vr install awesomecli
$ vr install -g nest:awesomecli@2.3.0

2. In case of local deno-like installations they replicate deno install (except for --root, --force, --reload)

- $ deno install --allow-net --allow-read -n serve https://deno.land/std@0.97.0/http/file_server.ts
+ $ vr install --allow-net --allow-read -n serve https://deno.land/std@0.97.0/http/file_server.ts

Action

Adding a dependency
We should find a way to safely distinguish the two cases (ie presence of the -g flag or remote URLs?) and generate and execute a deno install command either from the parameters in case 2 or from the remote vr configuration (install entry) in case 1.

Updating a dependency
If a compatible entry is found in the local vr configuration, the dependency is not installed unless a corresponding executable is not present in the local bins folder or unless the -r, --reload flag is used. If the entries differ by the registry or version, a new install is always performed (a @latest version tag could be used to forcefully install the latest version of a dep?).

Initializing dependencies from an existing configuration
Like npm, running vr install without arguments installs all the dependencies found in the configuration locally. If a bin folder is already present, it checks wether all the deps have a corresponding executable and installs it otherwise.

Security considerations

Since in case 1 the permissions are hidden in the remote configuration, it might be appropriate to at least show the final deno install command that is being executed (with or without a confirmation prompt?) so that the user can decide to uninstall/reinstall the CLI with a custom install command.

Always create a lockfile for these installs?