This question has come up a few times from the Sui community, so we put up a small post to explain how things work when you’re dealing with external packages on Sui without access to their Github repository.
First things first, is it possible?
Yes!
How?
The following steps will guide you on how to use an external package without direct access to its repository:
Use a local copy of the package
You will need a local version of the external package code. If you don’t have access to the original repository, you can manually obtain the source code from a blockchain explorer if it’s available, and use it locally.
Configure the local path and Mainnet address in Move.toml
In your Move.toml file, point to the local path where you have the package stored. Then, specify the on-chain address of the external package as it exists on mainnet.
Here is what your Move.toml might look like:
[package]
name = "YourPackageName"
[dependencies]
external_package = { local = "../path_to_external_package" }
[addresses]
external_package = "0x123...ABC" # The mainnet address of the external package
Publish your contract
Once the dependencies are set up, you can publish your contract with the external package dependency using the sui client publish
command.
Skip dependency verification (optional)
If needed, you can use the --skip-dependency-verification
flag when publishing, which will allow you to bypass the check that ensures the local code matches the on-chain version. Use this with caution.
Why do I need the local code?
- Compilation: The Sui Move compiler needs access to the source code to check for compatibility, resolve types, and ensure the functions you’re calling will work correctly with the external package. Point to the on-chain address alone doesn’t provide the necessary source code for these checks.
- Version control: Pointing to a specific GitHub repository or local path allows you to control which version of the package you’re working with. This is particularly important if the external package is actively developed, as you’ll want to ensure compatibility with your own project.
While you can’t directly reference an external package by its on-chain address alone, you can still work around this by using a local version of the code and linking it to the correct on-chain address. This process ensures that both the compiler and your development environment have everything they need to work with the external package.