
In my JavaScript project I want to freeze the dependencies. For this I'm using npm-shrinkwrap: https://docs.npmjs.com/cli/shrinkwrap

I do the things that are written in the doc, and it works, but I can't find any evidence that the installation really uses data from the file `npm-shrinkwrap.json`.

Here is a more detailed explanation.

I have a super simple js project:

```
bessarabov@air:~/shrinkwrap$ ls
package.json
bessarabov@air:~/shrinkwrap$ cat package.json
{
    "dependencies" : {
        "express" : "4.14.0",
        "moment" : "2.14.1"
    }
}
```

Then I run `npm install` (here is the log — https://gist.github.com/bessarabov/9920d6dcb1cd71e504c6fe561e39643f ). And then I run:

```
bessarabov@air:~/shrinkwrap$ npm shrinkwrap
wrote npm-shrinkwrap.json
```

So, after I run these 2 commands I get a new directory `node_modules` and a new file `npm-shrinkwrap.json`.

```
bessarabov@air:~/shrinkwrap$ ls
node_modules        npm-shrinkwrap.json package.json
```

Then I delete the installed libs with `rm -rf node_modules/` and run `npm install` again. And the log is exactly the same as it was without `npm-shrinkwrap.json` ( https://gist.github.com/bessarabov/33c9421744582501482e4f00453f9d38 ).

So, I'm not sure the second `npm install` really uses data from the `npm-shrinkwrap.json` file. I want to find a way to see in the log that `npm-shrinkwrap.json` was used.

I'm using:

```
bessarabov@air:~/shrinkwrap$ npm --version
3.3.12
bessarabov@air:~/shrinkwrap$ node --version
v5.3.0
```

But I've also tried node 6.5.0 and the result is the same.

bessarabov
  • [`npm la`](https://docs.npmjs.com/cli/ls)? – Bergi Sep 03 '16 at 10:40
  • Is this a duplicate of [Find the version of an installed npm package](http://stackoverflow.com/q/10972176/1048572) or are you looking for something else? – Bergi Sep 03 '16 at 10:40
  • `npm la` and `npm list` show the currently installed packages and their versions. I want to make sure that in several years when I run `npm install` I'll get the exact same list of packages and their versions. – bessarabov Sep 03 '16 at 19:32
  • You cannot test what a future `npm` is going to do in several years without a time machine. – Bergi Sep 03 '16 at 20:03
  • I don't think you can do any better than to trust [npm's documentation](https://docs.npmjs.com/cli/install): "*If the package has a shrinkwrap file, the installation of dependencies will be driven by that.*". If you want to see that in your logs, you might need to file a feature request with npm. – Bergi Sep 03 '16 at 20:05
  • It makes sense. But I was hoping that there is some hidden flag that can be used to see that `npm-shrinkwrap.json` was used. Or maybe I'm using shrinkwrap incorrectly and because of this I don't see that it is used. – bessarabov Sep 04 '16 at 11:50
