10

We use NPM Shrinkwrap to lock down dependencies.

Not sure if this is a bug or a feature but when I run: npm install after deleting my node_modules directory everything works but my npm-shrinkwrap.json will always have a few changes that I have to commit to git...

The changes are usually minor, such as changing the "integrity" hash from sha-1 to sha-512 (or vice versa). Or a package will simply be moved to a new line in the file but the content does not change.

Again, nothing breaks when these changes happen, all the correct node_modules are installed, but it is annoying to keep committing this file to git when we are not making any changes.

Any feedback or help would be greatly appreciated...

Chuck D
  • 1,718
  • 4
  • 19
  • 26
  • See this q & a here: https://stackoverflow.com/questions/47638381/what-did-package-lock-json-change-the-integrity-hash-from-sha1-to-sha512 – Tim Beadle Mar 20 '18 at 14:44

1 Answers1

0

I wouldn't hesitate to the use the git update-index --assume-unchanged npm-shrinkwrap.json command.

Then if you need to make changes and commit them run git update-index --no-assume-unchanged npm-shrinkwrap.json so Git will see the changes and enable you to stage and commit them.

Dharman
  • 30,962
  • 25
  • 85
  • 135
benhorgen
  • 1,928
  • 1
  • 33
  • 38
  • If you want try a different approach, take a look at the advice in this article: https://stackoverflow.com/questions/47638381/why-did-package-lock-json-change-the-integrity-hash-from-sha1-to-sha512?noredirect=1&lq=1 – benhorgen Nov 03 '20 at 13:38