This repository has been archived by the owner on Apr 12, 2024. It is now read-only.
chore(npm): add shrinkwrap to lock down dependencies #6653
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks for the PR! Please check the items below to help us merge this faster. See the contributing docs for more information.
If you need to make changes to your pull request, you can update the commit with Thanks again for your help! |
We need to be able to build angular at older shas, without the lock file / shrinkwrap file the dependencies will resolve differently on different machines and at different times. This will help us avoid broken builds and hard to track down issues. I had to manually edit this file after it was generated because `npm shrinkwrap` will install optional dependencies as if they were hard dependencies. See: npm/npm#2679 (comment) My manual edit: ``` diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json index 756df44..dc157eb 100644 --- a/npm-shrinkwrap.json +++ b/npm-shrinkwrap.json @@ -3110,19 +3110,7 @@ "chokidar": { "version": "0.8.1", "from": "https://registry.npmjs.org/chokidar/-/chokidar-0.8.1.tgz", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-0.8.1.tgz", - "dependencies": { - "fsevents": { - "version": "0.1.6", - "from": "fsevents@0.1.6", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-0.1.6.tgz" - }, - "recursive-readdir": { - "version": "0.0.2", - "from": "recursive-readdir@0.0.2", - "resolved": "https://registry.npmjs.org/recursive-readdir/-/recursive-readdir-0.0.2.tgz" - } - } + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-0.8.1.tgz" }, "glob": { "version": "3.2.9", ``` After this change is applied, developers don't need to do anything differently, except when updating dependencies we need to call `npm update && npm shrinkwrap --dev` followed by reappling my patch above until npm's bug.
Closed
IgorMinar
added a commit
that referenced
this pull request
Mar 12, 2014
We need to be able to build angular at older shas, without the lock file / shrinkwrap file the dependencies will resolve differently on different machines and at different times. This will help us avoid broken builds and hard to track down issues. I had to manually edit this file after it was generated because `npm shrinkwrap` will install optional dependencies as if they were hard dependencies. See: npm/npm#2679 (comment) My manual edit: ``` diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json index 756df44..dc157eb 100644 --- a/npm-shrinkwrap.json +++ b/npm-shrinkwrap.json @@ -3110,19 +3110,7 @@ "chokidar": { "version": "0.8.1", "from": "https://registry.npmjs.org/chokidar/-/chokidar-0.8.1.tgz", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-0.8.1.tgz", - "dependencies": { - "fsevents": { - "version": "0.1.6", - "from": "fsevents@0.1.6", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-0.1.6.tgz" - }, - "recursive-readdir": { - "version": "0.0.2", - "from": "recursive-readdir@0.0.2", - "resolved": "https://registry.npmjs.org/recursive-readdir/-/recursive-readdir-0.0.2.tgz" - } - } + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-0.8.1.tgz" }, "glob": { "version": "3.2.9", ``` Additionally chokidar doesn't list the dependencies above as optional, but that will hopefully be soon fixed: paulmillr/chokidar#106 In the meantime the patch from the PR above needs to be applied to node_modules/karma/node_modules/chokidar/package.json before running `npm shrinkwrap` ---- After this change is applied, angular core developers don't need to do anything differently, except when updating dependencies we need to call `npm update && npm shrinkwrap --dev` followed by reappling my patch above until npm's bug. Closes #6653
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We need to be able to build angular at older shas, without the lock file / shrinkwrap file
the dependencies will resolve differently on different machines and at different times.
This will help us avoid broken builds and hard to track down issues.
I had to manually edit this file after it was generated because
npm shrinkwrapwill installoptional dependencies as if they were hard dependencies.
See: npm/npm#2679 (comment)
My manual edit: