npm: Get fixed dependency versions in package.json without npm-shrinkwrap.json

Question

I want to write fixed dependency versions in my package.json of the installed (!= latest available) modules.

These are alternative solutions, which does not satisfy me requirements:

Writing the latest available versions to the package.json.
npm shrinkwrap writes the dependencies to npm-shrinkwrap.json instead of package.json

I don't want to use shrinkwrap because it's just another tool and additional configuration file for a problem which could be solved without. Or could shrinkwrap be tweaked to write all versions from npm-shrinkwrap.json to package.json ?

score 0 · Answer 1 · answered Feb 01 '16 at 15:26

I've wrote a script, which extracts the versions from the shrinkwrap file in package.json syntax:

node
var sw = require('/path/to/npm-shrinkwrap.json');
for (var key in sw.dependencies) { console.log('"' + key + '": "' + sw.dependencies[key].version + '",') }

But it's ugly and not working for dev dependencies.

score 0 · Answer 2 · answered Mar 06 '18 at 09:05

0

As the dependencies of your dependencies will also get updates that strategy is not bullet prove. Its better to use npm 5 with https://docs.npmjs.com/files/package-locks shrinkwrap or yarn which has https://yarnpkg.com/lang/en/docs/yarn-lock/

answered Mar 06 '18 at 09:05

s.Daniel

1,064
12
29

npm: Get fixed dependency versions in package.json without npm-shrinkwrap.json

2 Answers2