pump.io icon indicating copy to clipboard operation
pump.io copied to clipboard

Published 20 hours ago verified publisher icon pump-io

npm-shrinkwrap.json

Open strugee opened this issue 6 years ago • 2 comments

We should probably start shipping an npm-shrinkwrap.json file in production builds. This will also help with reproducible builds (#1505).

strugee avatar Dec 11 '17 05:12 strugee

I think maybe a good way to do this is to run a Travis cronjob that runs npm update --depth=9999 and then runs unit tests. If the unit tests pass (i.e. integration is ok) then it would commit a package-lock.json update. When it comes time to release we'd just generate a shrinkwrap file from the existing lockfile.

strugee avatar Feb 22 '18 18:02 strugee

So, this is now committed to the repository. Leaving open for the Travis automation part of this.

strugee avatar May 16 '18 03:05 strugee