What is npm shrinkwrap and when is it needed
The npm shrinkwrap command lets you lock down the version numbers of all the packages and their descendant packages in your node_modules directory. Let's examine why and when you should be using this command in your application development.
The npm package manager does a pretty good job at maintaining and installing dependencies for all the packages your project requires. It does so by installing a hierarchy of packages in the node_modules directory.
There are 2 main problems with the way npm install works:
- Although npm recommends using semver for application versioning, it is completely up to the package author to honor this rule. This can be problematic if the package you depend on does not follow semver and a newer version of the package has breaking changes. Even if the package author follows semver, there is still a probability that a bug might get introduced in a compatible version.
- The other issue arises due to the way npm install works. Running npm install installs a whole hierarchy of packages. If you wished to manually control the version numbers of the packages that get installed, you could do that by using exact version numbers in your package.json. However, that only solves the problem for the direct dependencies of your package. It does not give you control over the installed versions of the deeply nested packages that are the dependencies of your dependencies and beyond.
This is where npm shrinkwrap comes into play. When you run npm shrinkwrap in a project after running npm install, it creates a file called npm-shrinkwrap.json which lists the exact package versions of all the installed packages in the entire hierarchy. If you check this into your version control and your colleague clones the project and does an npm install, then this time they will get the exact package version for the full hierarchy as specified in the npm-shrinkwrap.json file. In order to update your npm-shrinkwrap.json file, you would need to run npm update <package_name>, thereby specifying the exact package that needs to be updated, and then re-run npm shrinkwrap to update your npm-shrinkwrap.json file. If you need to find out which packages have become outdated, simply run npm shrinkwrap --dev
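To see what "the entire hierarchy" means in practice, the following added example (not code from the original post) walks a shrinkwrap tree and reports every locked package, including nested ones, flagging entries that are not an exact version or carry no integrity hash. The sample data is constructed in the lockfileVersion 1 layout (nested "dependencies" objects), and the names flattenShrinkwrap and auditShrinkwrap are hypothetical.

```javascript
'use strict';

// Constructed sample shrinkwrap (not from a real project), lockfileVersion 1 layout.
const sampleShrinkwrap = {
  name: 'demo-app', version: '1.0.0', lockfileVersion: 1,
  dependencies: {
    'pkg-a': {
      version: '1.2.3',
      resolved: 'https://registry.npmjs.org/pkg-a/-/pkg-a-1.2.3.tgz',
      integrity: 'sha512-CONSTRUCTED-PLACEHOLDER',
      dependencies: {
        'pkg-b': { version: '2.0.1' } // nested dependency, pinned but without a hash
      }
    },
    'pkg-c': { version: 'git+https://example.invalid/pkg-c.git#main' } // not a registry version
  }
};

// An exact semver version: no ranges (^, ~, *), no URLs.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Walk every level of the hierarchy and return one record per locked package.
function flattenShrinkwrap(node, path = []) {
  const out = [];
  for (const [name, entry] of Object.entries(node.dependencies || {})) {
    const here = [...path, name];
    out.push({
      path: here.join(' > '),
      version: entry.version,
      exact: EXACT.test(entry.version || ''),
      hasIntegrity: typeof entry.integrity === 'string' && entry.integrity.length > 0
    });
    out.push(...flattenShrinkwrap(entry, here));
  }
  return out;
}

// Entries worth a manual look: not pinned to an exact version, or no integrity hash.
function auditShrinkwrap(lock) {
  return flattenShrinkwrap(lock).filter(e => !e.exact || !e.hasIntegrity);
}

console.table(flattenShrinkwrap(sampleShrinkwrap));
console.log('needs review:', auditShrinkwrap(sampleShrinkwrap).map(e => e.path));
```

To run it against a real project, replace the sample object with the parsed contents of your own npm-shrinkwrap.json.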