Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NPM Shrinkwrap? #23

Closed
moll opened this issue Dec 9, 2013 · 8 comments
Closed

NPM Shrinkwrap? #23

moll opened this issue Dec 9, 2013 · 8 comments
Milestone
Base Structure Re...

Comments

@moll
Copy link

moll commented Dec 9, 2013

Hey,

Have you thought about just using npm shrinkwrap instead of committing all modules to version control?
@ckarande
Copy link
Member

ckarande commented Dec 9, 2013

Hey Andri,

I was not aware of npm shrinkwrap. I just read about it and like the idea. This would ensure consistent builds, without us needing to maintain the modules code.

I would prefer to treat dev dependencies in the same way, so running shrinkwrap with --dev flag. What do you suggest?

@moll
Copy link
Author

moll commented Dec 9, 2013

I have a feeling running it with --dev means development dependencies might get installed on the production machine as well. But if that's not a problem, go ahead.

@ckarande
Copy link
Member

ckarande commented Dec 9, 2013

Good point. One of the reasons I committed modules initially was to have consistent dev environment, especially grunt's version. So I think the little overhead of deploying dev dependencies to prod should be fine.

Would you like to work on this change?

@jksdua
Copy link
Contributor

jksdua commented Mar 16, 2014

Worth noting, npm install will install the exact copies of modules as specified in the package.json file so there is no need for checking in modules into version control. The benefit of npm install is that it will build the package for the OS architecture. For example, bcrypt will break between Windows, Linux etc.

@ckarande
Copy link
Member

@jksdua Thanks for the comment. While package.json can control exact versions of packages explicitly specified in package.json, it can't control recursive dependencies of external packages. Shrinkwrap allows us to do that w/o needing to check-in these dependencies. Please feel free to assign this issue to yourself if you want to assist on incorporating shrinkwrap.

@jksdua
Copy link
Contributor

jksdua commented Mar 23, 2014

@ckarande Sounds good.

I am thinking the following:

  • Add a pre-commit hook which will run npm shrinkwrap when new dependencies are installed. The new npm-shrinkwrap.json will then automatically be added to the commit.
  • Add node_modules to .gitignore

@ckarande
Copy link
Member

@jksdua Perfect! Thanks. Feel free to send a pull request once ready.

@ckarande
Copy link
Member

ckarande commented May 6, 2014

We will not use shrinkwrap, as having npm dependencies added in code makes it easier it deploy on BWA VM instances w/o network connectivity

@ckarande ckarande closed this as completed May 6, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Base Structure Release
Development

No branches or pull requests
3 participants
@moll @ckarande @jksdua