check-dependencies icon indicating copy to clipboard operation
check-dependencies copied to clipboard

NPM shrinkwrap support?

Open grese opened this issue 7 years ago • 1 comments

Hi, this is more of a question than an "issue". I tried the library, and it doesn't appear to have support for "NPM Shrinkwrap". Am I missing something, or does this library not support it? Our team shrinkwraps our modules, so we would essentially need the npm-shrinkwrap.json file to take precedence over what is defined in package.json.

grese avatar Sep 15 '17 23:09 grese

You're right, there's no support for npm-shrinkwrap.json here. This module's main purpose is to be as fast as possible when checking for dependency correctness so it checks for the proper modules to be present by manually walking the directory tree.

Do I understand it right that npm-shrinkwrap.json records not only what deps are installed but also where they should lie in the file directory structure? If that's the case then this module's way of checking dependencies could be extended. If that's not the case then there's no easy way to support it here and you may need to manually fire npm install at the beginning of your build script.

The fact that yarn.lock doesn't record the full file system location of modules is the reason why this module can't support it.

mgol avatar Feb 11 '18 16:02 mgol