This repository has been archived by the owner on Apr 20, 2019. It is now read-only.

Document shrinkwrap best practices #26

Closed
lkptrzk opened this issue Apr 20, 2015 · 2 comments

@lkptrzk

lkptrzk commented Apr 20, 2015

It's not too clear from the history of npm-shrinkwrap.json in hapijs/hapi what the guidelines are for maintaining it. Seems like it just snuck in unceremoniously via hapijs/hapi#2039.

I've noticed a few shrinkwrap-related issues filed in the hapi repo due to npm whatever --production, so it seems like a relevant thing to document.

Some notes I think would be cool to see:

  • tl;dr of why it's used
  • When it's okay to change it
  • Warning of what kind of bugs it could cause
  • Rationale for why it differs from the default npm shrinkwrap output
@hueniverse
Contributor

It's used because it is the only way I have to ensure the version you npm install has been fully verified by me. Otherwise, with so many maintainers and dependencies, you can never know if your integrated hapi experience is valid and secure.

You can change or ignore it if you know what you are doing (e.g. tested and verified the changes not included in it yourself).

The format is manually modified to allow easier maintenance.
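
Added example, not part of the thread and not hapi's own tooling: one way to check that an installed dependency tree still matches the versions pinned in an npm-shrinkwrap.json, which is the guarantee the comment above relies on. It assumes the nested `dependencies`/`version` layout for the shrinkwrap and an installed tree in the shape `npm ls --json` prints; `findDrift` and every package name and version are constructed for illustration.

```javascript
// Added example; all package names and versions below are constructed.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Recursively compare pinned versions with installed ones and report drift.
function findDrift(pinned, installed, path = []) {
  const findings = [];
  const pinnedDeps = (pinned && pinned.dependencies) || {};
  const installedDeps = (installed && installed.dependencies) || {};
  for (const name of Object.keys(pinnedDeps).sort()) {
    const where = [...path, name].join(' > ');
    const want = pinnedDeps[name].version;
    if (!has(installedDeps, name)) {
      findings.push({ type: 'missing', where, want });
      continue;
    }
    const got = installedDeps[name];
    if (got.version !== want) {
      findings.push({ type: 'mismatch', where, want, got: got.version });
    }
    findings.push(...findDrift(pinnedDeps[name], got, [...path, name]));
  }
  // Installed packages the shrinkwrap never pinned were not part of the verified set.
  for (const name of Object.keys(installedDeps).sort()) {
    if (!has(pinnedDeps, name)) {
      findings.push({ type: 'unpinned', where: [...path, name].join(' > '), got: installedDeps[name].version });
    }
  }
  return findings;
}

const SAMPLE_SHRINKWRAP = {
  name: 'example-app',
  version: '1.0.0',
  dependencies: {
    'lib-a': { version: '2.1.0', dependencies: { 'lib-c': { version: '0.3.1' } } },
    'lib-b': { version: '1.4.2' }
  }
};
const SAMPLE_INSTALLED = {
  dependencies: {
    'lib-a': { version: '2.1.0', dependencies: { 'lib-c': { version: '0.3.2' } } },
    'lib-d': { version: '5.0.0' }
  }
};

console.log(findDrift(SAMPLE_SHRINKWRAP, SAMPLE_INSTALLED));
```

An empty result means every pinned package is installed at exactly the pinned version and nothing extra is present; any finding means the tree is no longer the one the shrinkwrap describes.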

@lkptrzk lkptrzk closed this as completed May 1, 2015
@lkptrzk
Author

lkptrzk commented May 1, 2015

thanks
