Skip to content

use npm shrinkwrap for node_modules caching #12261

Closed
cvrebert opened this Issue Jan 16, 2014 · 2 comments

1 participant

@cvrebert cvrebert was assigned Jan 17, 2014
@cvrebert
Bootstrap member

Probably will need to use https://npmjs.org/package/canonical-json too.

@cvrebert cvrebert added a commit that referenced this issue Jan 20, 2014
@cvrebert cvrebert fix #12261 898e06a
@cvrebert
Bootstrap member

To clarify why this is desired:
Currently, our npm cache is based on the content of package.json, which has intentionally inexact version specs. This means that it's not guaranteed what exact package versions are in the cached copy (e.g. with "foobar": "~0.1.0", Travis could be using either v0.1.1 or v0.1.2, depending on when the cache last happened to have been cleared). If we want to update the cache, we have to modify package.json (when it is arguably unnecessary to do so) or manually purge the cache. This is particularly relevant for indirect/transitive dependencies.

Using npm shrinkwrap means that the versions will be explicitly locked down.

@cvrebert cvrebert added a commit that referenced this issue Jan 20, 2014
@cvrebert cvrebert fix #12261 56a67d3
@cvrebert cvrebert added a commit that referenced this issue Jan 20, 2014
@cvrebert cvrebert fix #12261 5641561
@cvrebert cvrebert added a commit that referenced this issue Jan 26, 2014
@cvrebert cvrebert fix #12261 5a3f1a9
@cvrebert cvrebert closed this in #12315 Jan 27, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.