use npm shrinkwrap for node_modules caching #12261

Closed
cvrebert opened this Issue Jan 16, 2014 · 2 comments

Comments

Projects
None yet
1 participant

@ghost ghost assigned cvrebert Jan 17, 2014

@cvrebert

This comment has been minimized.

Show comment
Hide comment
@cvrebert

cvrebert Jan 20, 2014

Member

Probably will need to use https://npmjs.org/package/canonical-json too.

Member

cvrebert commented Jan 20, 2014

Probably will need to use https://npmjs.org/package/canonical-json too.

@cvrebert

This comment has been minimized.

Show comment
Hide comment
@cvrebert

cvrebert Jan 20, 2014

Member

To clarify why this is desired:
Currently, our npm cache is based on the content of package.json, which has intentionally inexact version specs. This means that it's not guaranteed what exact package versions are in the cached copy (e.g. with "foobar": "~0.1.0", Travis could be using either v0.1.1 or v0.1.2, depending on when the cache last happened to have been cleared). If we want to update the cache, we have to modify package.json (when it is arguably unnecessary to do so) or manually purge the cache. This is particularly relevant for indirect/transitive dependencies.

Using npm shrinkwrap means that the versions will be explicitly locked down.

Member

cvrebert commented Jan 20, 2014

To clarify why this is desired:
Currently, our npm cache is based on the content of package.json, which has intentionally inexact version specs. This means that it's not guaranteed what exact package versions are in the cached copy (e.g. with "foobar": "~0.1.0", Travis could be using either v0.1.1 or v0.1.2, depending on when the cache last happened to have been cleared). If we want to update the cache, we have to modify package.json (when it is arguably unnecessary to do so) or manually purge the cache. This is particularly relevant for indirect/transitive dependencies.

Using npm shrinkwrap means that the versions will be explicitly locked down.

cvrebert added a commit that referenced this issue Jan 20, 2014

cvrebert added a commit that referenced this issue Jan 20, 2014

cvrebert added a commit that referenced this issue Jan 26, 2014

@cvrebert cvrebert closed this in #12315 Jan 27, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment