Be the first user to complete this post
|
Add to List |
What is npm shrinkwrap and when is it needed
The npm shrinkwrap
command lets you lock down the version numbers all the packages and their descendant packages in your node_modules directory. Lets examine why and when you should be using this command in your application development.
The npm package manager does a pretty good job at maintaining and installing dependencies for all the packages your project requires. It does so by installing a hierarchy of packages in the node_modules directory.
There are 2 main problems with the way npm install works
- Although npm recommends using semver for application versioning, it is completely upto the package author to honor this rule. This can be problematic if the package you depend on does not follow semver and a newer version of the package has breaking changes. Even if the package author follows semver, there is still a probability that a bug might get introduced in a compatible version.
- The other issue arises due to the way npm install works. Since running an npm install install a hierarchy of packages to be installed, if you wished to manually control the version numbers of the packages that you want to be installed, you could do that by using the exact version numbers in your package.json. However that only solves the problem for the direct dependents of your package. It does not give you control over the installed versions of the deeply nested packages that are the dependencies of your dependencies and beyond.
npm shrinkwrap
comes into play. When you run npm shrinkwrap in a project after running npm install
, it creates a file called npm-shrinkwrap.json
which lists the exact package versions of all the installed packages in the entire hierarchy. If you check this into your version control and your collegue clones and does an npm install
, then this time they will get the exact package version for the full hierarchy as specified in the npm-shrinkwrap.json
file.
In order to update your npm-shrinkwrap.json
file, you would need to run npm update <package_name>
, thereby specifying the exact package that needs to be updated and then re-run npm shrinkwrap
to updated your npm-shrinkwrap.json file.
If you need to find out which packages have become outdated, simply run
npm outdated
npm shrinkwrap --dev
Also Read:
- Configuring jshint as a pre-commit hook for your nodejs applications
- Dynamic module loading with require
- nodejs: generate uuid / guid
- Configure The 'script' tag In package.json To Run Multiple Commands