Skip to main content

What are Move Packages?

Move is the smart contract language Sui uses to define on-chain logic. Move is platform-agnostic, enabling shared libraries, tooling, and developer communities across blockchains with different data and execution models.

Sui uses Move through three constructs: packages, modules, and objects.

A Move package is a set of Move bytecode published to the Sui network. Packages are immutable. You can upgrade a package, but upgrading creates a new on-chain version while leaving all prior versions intact. Once published, other packages can import and use a package's modules, and anyone can inspect its contents or trace its logic using a Sui Explorer.

A Move module defines a package's interaction with on-chain objects. Each module name is unique within its package.

A Move object is typed data governed by a Move module. Each object is a struct with fields that can contain primitive types such as integers and addresses, other objects, or non-object structs.

Packages are immutable

After you publish a package object to a network, it lives there permanently. You cannot directly change the code of an on-chain package. Once published, other packages can import and use the modules it provides.

If developers could modify on-chain packages after publication, downstream behavior could change in unexpected ways. For example, a developer fixing an overlooked bug could unintentionally change the execution of every dependent package.

Making packages immutable

You can call the Move function sui::package::make_immutable to destroy a package's UpgradeCap and make the package permanently immutable. This eliminates single-key risk but also prevents all future bug fixes and feature additions.

For a more flexible approach, use custom upgrade policies to protect UpgradeCap access without giving up the ability to upgrade.

Upgrading packages

Although you cannot edit a published package directly, you can upgrade it. Upgrading creates a new package object on-chain, leaving the original intact. This lets you add features or fix issues without breaking existing dependencies.

See Upgrading packages for details on the process.

Using the Sui Client CLI

The Sui Client CLI provides an approachable way to publish and upgrade packages. See the package management guide for information on creating and working with Move packages.

If the CLI's active address owns the UpgradeCap for a package, you can use the upgrade command to perform an upgrade. This workflow is convenient when you're starting development or iterating quickly. However, protecting package upgrades with a single private key poses security risks:

  • The entity owning that key might make changes that are in their own interests but not the interests of the broader community.
  • Upgrades might happen without enough time for package users to consult on the change or stop using the package if they disagree.
  • The key might get lost.