You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
this package ships a shrinkwrap. this is totally fine as long as downstream users install via npm i -g
if they install locally via npm i -D , they will install this package and all its dev-dependencies - which is unintended.
therefore, the shipped shrinkwrap must be stripped from dev dependencies.
it is no option to strip the feature of local installations.
because tis enables proper versioning of the tool and its dependencies via renovate, dependabot and other dependency watchers ...
The text was updated successfully, but these errors were encountered:
possible solution: remove the shrinkwrap from the project
-> this would casue clients to install ANY version, not the one that was properly tested with
have theshrinkwrap be created with prod-data only, ala
rm -rf package-lock.json npm-shrinkwrap.json
npm shrinkwrap --omit --dev
## the shrinkwrap is created basd on pruned `npm_modules` folder ...
this package ships a shrinkwrap. this is totally fine as long as downstream users install via
npm i -g
if they install locally via
npm i -D
, they will install this package and all its dev-dependencies - which is unintended.therefore, the shipped shrinkwrap must be stripped from dev dependencies.
it is no option to strip the feature of local installations.
because tis enables proper versioning of the tool and its dependencies via renovate, dependabot and other dependency watchers ...
The text was updated successfully, but these errors were encountered: