pump.io
pump.io copied to clipboard
npm-shrinkwrap.json
We should probably start shipping an npm-shrinkwrap.json
file in production builds. This will also help with reproducible builds (#1505).
I think maybe a good way to do this is to run a Travis cronjob that runs npm update --depth=9999
and then runs unit tests. If the unit tests pass (i.e. integration is ok) then it would commit a package-lock.json
update. When it comes time to release we'd just generate a shrinkwrap file from the existing lockfile.
So, this is now committed to the repository. Leaving open for the Travis automation part of this.