-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm-shrinkwrap.json
not included in published hapi
package
#3338
Comments
Wow! I feel sure this was just an oversight. Thanks very much for letting us know. :) |
Restore npm-shrinkwrap.json to package. Closes #3338
@iarna just out of curiosity what is so special about hapi's shrinkwrap? |
@AdriVanHoudt It's incomplete– it does not include all the modules necessary to use Hapi, so (It also only provides versions, which is unusual, but isn't a corner case the way an incomplete shrinkwrap is.) |
If I flip off the bit in 🕟 rebecca@Caldina:~/code/npmtest/hapitest$ npm ls
hapitest@1.0.0 /Users/rebecca/code/npmtest/hapitest
└─┬ hapi@15.0.3
├─┬ accept@2.1.2
│ └── UNMET DEPENDENCY boom@3.x.x
├─┬ ammo@2.0.2
│ └── UNMET DEPENDENCY boom@3.x.x
├── boom@4.0.0
├─┬ call@3.0.3
│ └── UNMET DEPENDENCY boom@3.x.x
├─┬ catbox@7.1.2
│ └── UNMET DEPENDENCY boom@3.x.x
├── catbox-memory@2.0.3
├─┬ cryptiles@3.0.2
│ └── UNMET DEPENDENCY boom@3.x.x
├─┬ heavy@4.0.2
│ └── UNMET DEPENDENCY boom@3.x.x
├── hoek@4.0.2
├─┬ iron@4.0.3
│ └── UNMET DEPENDENCY boom@3.x.x
├── items@2.1.1
├─┬ joi@9.0.4
│ ├── isemail@2.2.1
│ └── moment@2.14.1
├─┬ mimos@3.0.3
│ └── mime-db@1.23.0
├── podium@1.2.3
├── shot@3.3.1
├─┬ statehood@5.0.0
│ └── UNMET DEPENDENCY boom@3.x.x
├─┬ subtext@4.2.1
│ ├── UNMET DEPENDENCY boom@3.x.x
│ ├─┬ content@3.0.2
│ │ └── UNMET DEPENDENCY boom@3.x.x
│ ├─┬ pez@2.1.2
│ │ ├── b64@3.0.2
│ │ ├── UNMET DEPENDENCY boom@3.x.x
│ │ └─┬ nigel@2.0.2
│ │ └── vise@2.0.2
│ └─┬ wreck@9.0.0 invalid
│ └── UNMET DEPENDENCY boom@3.x.x
└── topo@2.0.2
npm ERR! missing: boom@3.x.x, required by accept@2.1.2
npm ERR! missing: boom@3.x.x, required by ammo@2.0.2
npm ERR! missing: boom@3.x.x, required by call@3.0.3
npm ERR! missing: boom@3.x.x, required by catbox@7.1.2
npm ERR! missing: boom@3.x.x, required by cryptiles@3.0.2
npm ERR! missing: boom@3.x.x, required by heavy@4.0.2
npm ERR! missing: boom@3.x.x, required by iron@4.0.3
npm ERR! missing: boom@3.x.x, required by statehood@5.0.0
npm ERR! missing: boom@3.x.x, required by subtext@4.2.1
npm ERR! invalid: wreck@9.0.0 /Users/rebecca/code/npmtest/hapitest/node_modules/hapi/node_modules/subtext/node_modules/wreck
npm ERR! missing: boom@3.x.x, required by wreck@9.0.0
npm ERR! missing: boom@3.x.x, required by content@3.0.2
npm ERR! missing: boom@3.x.x, required by pez@2.1.2 |
Looking over this again, at this point the weirdness is more specific. And actually I don't think your shrinkwrap is doing what you want. You seem to be trying to do things with it that we unfortunately do not support. So the The This is definitely a bug–the current intended behavior (I believe!) is that the |
The "corrected" tree after running This is a physical tree, what you see from
|
So a few things. The corrected tree in your last comment, @iarna, does not even include wreck at the top level for hapi how's that? @hueniverse what is the reason the hapi shrinkwrap looks this way? aka includes dev deps and is "not complete" Btw I am asking these questions out of pure curiosity, thanks @iarna for the explanation! |
It was generated with an older version of npm and has been manually updated since. |
@AdriVanHoudt Because If I were running |
@iarna ah I see, thanks! Should hapi update its shrinkwrap? |
@AdriVanHoudt If it's at all possible for hapi to switch to a fresh (and complete) shrinkwrap I would strongly encourage it. Go ahead and edit out This will quickly become urgent in light of the soon-to-be changing shrinkwrap behavior (see #3360). |
So I was poking around inside the distributed version of
hapi
for various reasons and noticed thenpm-shrinkwrap.json
had gone missing. You can see that it's missing by installing it and looking innode_modules
or by fetching downhttps://registry.npmjs.org/hapi/-/hapi-15.0.3.tgz
and looking inside the tarball.hapi
has a pretty atypical shrinkwrap so I've often used it as a very basic canary for shrinkwrap changes.The reason it's not being packaged is the
.npmignore
that was added in 84288ec. From the commit I can't tell if this was intentional.Now... don't get me wrong, I would actually be quite pleased to see fewer unusual shrinkwraps on the registry. So if removing it was intentional, don't put it back on my account! But if it wasn't, I figured you all would want to be aware that it had gone missing.
The text was updated successfully, but these errors were encountered: