npm shrinkwrap: from #7292
Comments
The Since this is an existing feature of |
Okay cool. Thanks for the explanation. I'll give a more specific example. Lets say I have a simple project with the following in my "dependencies": {
"lodash": "^3.0.0"
} And I {
"name": "test",
"version": "1.0.0",
"dependencies": {
"lodash": {
"version": "3.1.0",
"from": "lodash@>=3.0.0 <4.0.0",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-3.1.0.tgz"
}
}
} Lets say I commit that to my repo. Then someone else clones the repo and runs {
"name": "test",
"version": "1.0.0",
"dependencies": {
"lodash": {
"version": "3.1.0",
"from": "https://registry.npmjs.org/lodash/-/lodash-3.1.0.tgz",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-3.1.0.tgz"
}
}
} Now that original A more realistic example would be I install via shrinkwrap, update one module, and then shrinkwrap. When I create pull request with the updated shrinkwrap file, it will not only have updated the module I wanted to, but have also changed all the from fields. |
It sounds like you want the differences between successive For now, though, it might help if you think of the shrinkwrap file as an opaque, even a binary file, and use a different communications channel such as commit messages or a ChangeLog to describe the difference between successive versions. /cc @othiym23 as a feature-request and /cc @iarna for your comments, if any, on changes to volatility of |
As @smikes has described, We should probably document how all that is meant to be interpreted at some point, and maybe provide a means to turn that information back into something that conveys that context back to users, but @smikes is right that the correct way to deal with |
@othiym23 This makes it extremely difficult to tell if unintentional changes snuck into your npm-shrinkwrap.json. I strongly encourage you to reconsider this. |
I'm looking into the possibility of removing the |
When you first create a shrinkwrap the from field is something like
If you then update one module and run shrinkwrap again, the from fields are updated to be equal to the resolved field.
Personally I don't think the
from
field is very useful and would prefer it to be removed if this type of thing is going to happen.On that note I don't see why shrinkwrap needs to hold the version either. I would think the resolved path is enough.
The text was updated successfully, but these errors were encountered: