This repository has been archived by the owner on Aug 11, 2022. It is now read-only.
Store shrinkwrap config for dependency groups to lock in package.json file #14148
Closed
1 of 4 tasks
Labels
I'm opening this issue because:
What's the feature?
Store config for the shrinkwrap file in package.json (e.g. in
config/shrinkwrap
) that would list all dependency groups that should be shrinkwrapped (e.g.config: { shrinkwrap: { groups: ['dependencies', 'devDependencies'] }}
. This config could be created when runningnpm shrinkwrap
, if it doesn't already exist.npm install --save/--save-dev
would then add dependencies to the shrinkwrap file only if their group is listed in this config.What problem is the feature intended to solve?
Currently when installing a development dependency using
--save-dev
option with existingnpm-shrinkwrap.json
file, this dependency will only be added to the shrinkwrap file, if there already exists any development dependency locked in it. It has a few disadvantages, e.g. it's sometimes necessary to delete the shrinkwrap file and recreate it (e.g. when there's a merge conflict in it) and it's easy to forget to add--also=development
option when generating it again. It's also rather unintuitive if one has only production dependencies in their shrinkwrap file and wants to add development dependency usinginstall --save-dev
command.Is the absence of this feature blocking you or your team? If so, how?
No.
Is this feature similar to an existing feature in another tool?
No. However, in Ruby Bundler tool (https://bundler.io), all dependencies are locked by default (e.g. development, test, production) and one can then select which ones to install by passing an option to
install
command. Now that npm supportsinstall --only=production
command it could work in the same way, i.e. lock everything by default. However, this would change the existing behavior, so maybe it could be changed in the next major version of npm ;)Is this a feature you're prepared to implement, with support from the npm CLI team?
Yes!
The text was updated successfully, but these errors were encountered: