Other package managers have a lock down option. For example, on a dev machine you might have certain packages and certain versions. The goal would be to install those same packages and versions on a staging or production environment. Sometimes this is called shrinkwrap or lockdown.
Does luarocks have something similar?
As of LuaRocks 2.4.2, this is unfortunately not available as a single command.
But here is a sequence of operations that produces a similar effect.
In the dev machine:
mkdir packages
cd packages
luarocks list --porcelain | awk '{print $1}' | uniq > packages.txt
for p in $(cat packages.txt); do luarocks pack $p; done
luarocks-admin make-manifest .
cd ..
tar czvpf packages.tar.gz packages
Copy packages.tar.gz to the target machine then run:
tar zxvpf packages.tar.gz
luarocks --only-server=./packages install foo
This will install package "foo" picking dependencies and sub-dependencies only from the packages/ directory (and not from the network), so all dependencies are guaranteed to be the ones you packaged in the dev machine.