1. Run npm install in the package root to install the current versions of all dependencies.
2. Validate that the package works as expected with these versions.
3. Run npm shrinkwrap, add npm-shrinkwrap.json to git, and publish
To add or update a dependency in a shrinkwrapped package:
1. Run npm install in the package root to install the current versions of all dependencies.
2. Add or update dependencies. npm install each new or updated package individually and then update package.json. Note that they must be explicitly named in order to be installed: running npm install with no arguments will merely reproduce the existing shrinkwrap.
3. Validate that the package works as expected with the new dependencies.
4. Run npm shrinkwrap, commit the new npm-shrinkwrap.json, and publish your package.
You can use npm help outdated to view dependencies with newer versions available.
A shrinkwrap file must be consistent with the package's package.json file. npm shrinkwrap will fail if required dependencies are not already installed, since that would result in a shrinkwrap that wouldn't actually work. Similarly, the command will fail if there are extraneous packages (not referenced by package.json), since that would indicate that package.json is not correct.
Since npm shrinkwrap is intended to lock down your dependencies for production use, devDependencies will not be included unless you explicitly set the --dev flag when you run npm shrinkwrap. If installed devDependencies are excluded, then npm will print a warning. If you want them to be installed with your module by default, please consider adding them to dependencies instead.
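The consistency rules in the two paragraphs above can also be checked against a committed npm-shrinkwrap.json, for example in CI before publishing. The following is an added example, not npm's own code: the function name checkShrinkwrap, its dev option, and the sample manifests (hypothetical package names and versions) are assumptions, and the exact-version check goes slightly beyond the text by confirming that every nested entry is pinned.

```javascript
// Added example (not npm's own code). All package names and versions are constructed.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Compare a parsed package.json (pkg) with a parsed npm-shrinkwrap.json (wrap).
// Returns a list of problems; an empty list means the two files agree.
function checkShrinkwrap(pkg, wrap, opts = {}) {
  const problems = [];
  const required = Object.keys(pkg.dependencies || {});
  const dev = Object.keys(pkg.devDependencies || {});
  const allowed = new Set(opts.dev ? required.concat(dev) : required);
  const locked = wrap.dependencies || {};

  // Every required dependency must be present in the shrinkwrap.
  for (const name of required) {
    if (!has(locked, name)) problems.push(`missing: ${name}`);
  }
  // Nothing may be locked that package.json does not reference.
  for (const name of Object.keys(locked)) {
    if (allowed.has(name)) continue;
    problems.push(dev.includes(name)
      ? `devDependency locked without dev: ${name}`
      : `extraneous: ${name}`);
  }
  // Every entry, at any depth, must carry an exact version rather than a range.
  (function walk(deps, path) {
    for (const name of Object.keys(deps)) {
      const here = path.concat(name);
      if (!EXACT_VERSION.test(deps[name].version || '')) {
        problems.push(`unpinned: ${here.join(' > ')}`);
      }
      walk(deps[name].dependencies || {}, here);
    }
  })(locked, []);
  return problems;
}

// Constructed sample input: lib-b is missing, stray-pkg is extraneous,
// test-runner is a devDependency, and lib-c carries a range instead of a version.
const samplePkg = {
  dependencies: { 'lib-a': '^1.2.0', 'lib-b': '~0.4.0' },
  devDependencies: { 'test-runner': '^2.3.0' }
};
const sampleWrap = {
  dependencies: {
    'lib-a': { version: '1.2.3', dependencies: { 'lib-c': { version: '4.x' } } },
    'test-runner': { version: '2.3.3' },
    'stray-pkg': { version: '0.0.3' }
  }
};
console.log(checkShrinkwrap(samplePkg, sampleWrap).join('\n'));
```

This compares the two files only; it does not inspect node_modules, and a pinned version still says nothing about the bytes that get installed.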
If shrinkwrapped package A depends on shrinkwrapped package B, B's shrinkwrap will not be used as part of the installation of A. However, because A's shrinkwrap is constructed from a valid installation of B and recursively specifies all dependencies, the contents of B's shrinkwrap will implicitly be included in A's shrinkwrap.
If you wish to lock down the specific bytes included in a package, for example to have 100% confidence in being able to reproduce a deployment or build, then you ought to check your dependencies into source control, or pursue some other mechanism that can verify contents rather than versions.
o npm help install
o npm help 5 package.json
o npm help ls
NPM-SHRINKWRAP(1), October 2015