Andi Smith

Shrinkwrap Your Dependencies

Front end development has evolved over the last couple of years thanks to npm popularised by task runners such as Grunt and Gulp.

Thanks to our package.json files, it's easy for another developer to get set up on our project in seconds by typing npm install. But what happens when some time has passed and your project dependencies have moved on? A new version of a package may introduce a new bug, or completely change its functionality altogether.

It's possible to have some control over dependency versions with the version numbers you put in your package.json file, but it's extremely difficult to have control over the version numbers of your dependencies dependencies.

For this reason, it's a good idea to run npm's shrinkwrap feature to lock down the versions of dependencies you are using once you have reached a stable point in development.

To do this, open up Command Prompt or Terminal and navigate to your project's root folder. Then type:

npm shrinkwrap

Calling npm shrinkwrap scans your node_modules folder and creates a npm-shrinkwrap.json file that contains a complete breakdown of all the dependencies (and versions) of your project, which npm will then use as its reference when creating a new install.

You can read more about shrinkwrap in the npm documentation.