npmbox
npmbox copied to clipboard
npmbox: using shrinkwrap to specify dependent package verisons?
I'm using npmbox
to download and archive packages to be later installed for my project. But, I can only specify the versions for the 13 primary dependencies in my package.json
; the 176 total sub-dependencies are free to change at will (subject to the sometimes arbitrary version specs of the parent packages).
With npm
I can shrinkwrap the versions of all the packages once they've been installed, but then I can't archive them that way. I believe using npmbox
is just like un-shrinkwrapped npm
, where dependency package versions can change each time I use npmbox
. (Yes, once I've wrapped it all in a .npmbox
archive the versions won't change, but if I ever want to update a single package I'll have to take whatever sub-dependency versions get downloaded.)
Am I right that there's no current way with npmbox
to be precise about a sub-dependency's version? Is there any way I can end up with a .npmbox
archive holding an exactly specified set of packages, sub-versions included?
Not 100% sure, but I think npmbox
will respect shrinkwrap files. Might reasonably be considered a bug if not.
[Note: I'm a contributor to the project, but not the leader of it.]
I just checked, and it doesn't seem to. Test:
- Started in directory with existing
npm-shrinkwrap.json
file, specifyingabbrev
version 1.0.9 (among many other packages) - Executed
npmbox abbrev
-
npmbox
packaged version 1.0.9 ofabbrev
It would be good if npmbox
did respect versions in an npm-shrinkwrap.json
file (or had some other mechanism for doing the equivalent).