How to shrinkwrap npm modules without local dependencies

StackOverflow https://stackoverflow.com/questions/16406322

  •  14-04-2022
  •  | 
  •  

Question

I tried to maintain package.json with the list of node modules dependencies. when I call npm install it installs the node modules.and generates a folder for it in my app. I call the npm shrinkwrap. But this generates the dependency on the local node module

  "dependencies": {
"async": {
  "version": "0.2.5",
  "from": "async@0.2.5",
  "resolved": "https://registry.npmjs.org/async/-/async-0.2.5.tgz"
},

when I upload the app to the appfog server it can install from the npm-shrinkwrap.json. So Ideally I want to remove the node modules folder and just pass the shrinkwrap.json file. But it has this "from". I had in the past generated the shrinkwrap & it didn't have the "from" field in there. How to generate without "from"/ can I just get a shrinkwrap file from package.json. so my app will be leaner. I can maintain all the node module globally.

Thanks

Was it helpful?

Solution

I'm a bit confused by your question.

Shrinkwrap does not install, package, upload or do anything to your dependencies.

All it does is scan your installed node_modules and record the versions (recursively) into a file. Invoking npm install after that file is defined becomes repeatable, which is a principle of software engineering.

"from" was introduced a few months back. The npm shrinkwrap command seems to set it to the URL from which a module was installed. This is probably for portability. npm install takes a module name, consults a registry (whose URL is configurable as an npm config setting) and installs it. I could take the same package.json and npm-shrinkwrap.json, put them on another machine and theoretically get a different result if that machine's npm config settings point it to a different registry. Therefore, embedding the resolved URL in the shrinkwrap file adds an additional level of repeatability to npm install

See the npm config man page for details of setting the registry parameters.

According to npm issue 3145 on github, the "from" setting is known to cause backwards-compatibility issues with pre-1.2.x npm systems. Upgrading is the only resolution.

https://github.com/isaacs/npm/issues/3145

OTHER TIPS

I think that you are looking for shrinkpack: https://www.npmjs.com/package/shrinkpack

from the doc:

Shrinkpack complements the npm shrinkwrap command by maintaining a node_shrinkwrap directory in your project, containing the exact same tarballs that npm install downloads from https://registry.npmjs.org.

The rest of the npm install process is exactly the same. The only difference is that no network activity is necessary when installing and building your project. The node_shrinkwrap directory can be ignored in your editor (much like is done with the node_modules directory) but is instead checked into source control.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top