Skip to main content

What are Move Packages?

Move is the smart contract language Sui uses to define onchain logic. Move is platform-agnostic, enabling shared libraries, tooling, and developer communities across blockchains with different data and execution models.

Sui uses Move through three constructs: packages, modules, and objects.

A Move package is a set of Move bytecode published to the Sui network. Packages are immutable. You can upgrade a package, but upgrading creates a new onchain version while leaving all prior versions intact. Once published, other packages can import and use a package's modules, and anyone can inspect its contents or trace its logic using a Sui Explorer.

A Move module defines a package's interaction with onchain objects. Each module name is unique within its package.

A Move object is typed data governed by a Move module. Each object is a struct with fields that can contain primitive types such as integers and addresses, other objects, or non-object structs.

Packages are immutable​

After you publish a package object to a network, it lives there permanently. You cannot directly change the code of an onchain package. Once published, other packages can import and use the modules it provides.

If developers could modify onchain packages after publication, downstream behavior could change in unexpected ways. For example, a developer fixing an overlooked bug could unintentionally change the execution of every dependent package.

Making packages immutable​

You can call the Move function sui::package::make_immutable to destroy a package's UpgradeCap and make the package permanently immutable. This eliminates single-key risk but also prevents all future bug fixes and feature additions.

For a more flexible approach, use custom upgrade policies to protect UpgradeCap access without giving up the ability to upgrade.

Upgrading packages​

Although you cannot edit a published package directly, you can upgrade it. Upgrading creates a new package object onchain, leaving the original intact. This lets you add features or fix issues without breaking existing dependencies.

See Upgrading packages for details on the process.

Using the Sui Client CLI​

The Sui Client CLI provides an approachable way to publish and upgrade packages. See the package management guide for information on creating and working with Move packages.

If the CLI's active address owns the UpgradeCap for a package, you can use the upgrade command to perform an upgrade. This workflow is convenient when you're starting development or iterating quickly. However, protecting package upgrades with a single private key poses security risks:

  • The entity owning that key might make changes that are in their own interests but not the interests of the broader community.
  • Upgrades might happen without enough time for package users to consult on the change or stop using the package if they disagree.
  • The key might get lost.