Shrinkwrap Your Dependencies
By Andi Smith - Wednesday, February 5 2014
Front end development has evolved over the last couple of years thanks to
npm popularised by task runners such as Grunt and Gulp.
Thanks to our package.json files, it’s easy for another developer to get set up on our project in seconds by typing
npm install. But what happens when some time has passed and your project dependencies have moved on? A new version of a package may introduce a new bug, or completely change its functionality altogether.
It’s possible to have some control over dependency versions with the version numbers you put in your package.json file, but it’s extremely difficult to have control over the version numbers of your dependencies dependencies.
For this reason, it’s a good idea to run npm’s shrinkwrap feature to lock down the versions of dependencies you are using once you have reached a stable point in development.
To do this, open up Command Prompt or Terminal and navigate to your project’s root folder. Then type:
npm shrinkwrap scans your
node_modules folder and creates a
npm-shrinkwrap.json file that contains a complete breakdown of all the dependencies (and versions) of your project, which npm will then use as its reference when creating a new install.
Andi Smith is a web developer from London, United Kingdom. He likes to build highly performant websites which innovate with genuine value.