A script that makes updating npm-shrinkwrap.json more deterministic, which helps avoid the madness of the stock npm shrinkwrap.
attributes for all dependencies- except for...
dependencies, which retain both attributes- tarball (
, etc) dependencies, which retain resolved
NOTE: This currently only works with npm@2 due to this issue affecting npm@3.
This package is a fork of shonkwrap, which provides a great experience for npm 3.x users.
WARNING: Version 2 of this package is intended for npm v3.10.7 and above.
If you are still using npm@2, you can continue using version 1.x of this package.
npm install --save-dev shrinkwarp
Add a postshrinkwrap lifecycle script to your package.json scripts hash:
"scripts": {
  "postshrinkwrap": "shrinkwarp"
}
WARNING: On npm v3.10.8 and below (e.g. node 6.9.1), you'll need to use:
"scripts": {
  "postshrinkwrap": "cd $(npm prefix) && $(npm bin)/shrinkwarp"
}
With the lifecycle script configured, just use npm shrinkwrap.
With recent versions of npm, it will auto-shrinkwrap when passing the --save flag to npm install:
npm i -S foo-module
npm test
git commit -am "add foo-module"
However, installing a dev dependency (with --save-dev) will still require a separate call to npm shrinkwrap --dev:
npm i -D foo-dev-module
npm shrinkwrap --dev
npm test
git commit -am "add foo-dev-module"
In some cases, you just don't want an optional module shrinkwrapped.
Often, it is due to platform-specific extensions that break builds when run on an incompatible platform.
npm does fine with allowing optional dependencies to fail on incompatible platforms, but it falls down hard when those same dependencies are part of the shrinkwrap.
This option will avoid all that pain. Please use it sparingly, as it is a global block list.
"scripts": {
  "postshrinkwrap": "shrinkwarp --ignore fsevents"
}
To ignore multiple modules, pass multiple flags:
shrinkwarp --ignore fsevents --ignore otherthing
"scripts": {
  "postshrinkwrap": "shrinkwarp --ignore fsevents --ignore otherthing"
}
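What a global block list means for the --ignore option described above, sketched as an added example (not shrinkwarp's own code): an ignored name is dropped at every depth of the tree together with its subtree, and each removed path is reported so the entries that are no longer pinned can be reviewed. The function name pruneIgnored, the nested `dependencies` layout it walks, and the sample data are assumptions constructed for illustration.

```javascript
// Added illustration (not shrinkwarp's source): prune ignored module names
// from an npm-shrinkwrap.json style tree at every nesting depth.

// Recursively walks the nested `dependencies` maps of a shrinkwrap object.
// Returns a pruned copy plus the paths that were dropped; dropped modules
// are no longer pinned and resolve from package.json ranges at install time.
function pruneIgnored(shrinkwrap, ignoreNames) {
  const ignore = new Set(ignoreNames);
  const removed = [];

  function walk(node, path) {
    const copy = Object.assign({}, node);
    if (!node.dependencies) return copy;
    copy.dependencies = {};
    // Sort keys so the written file is stable from run to run.
    for (const name of Object.keys(node.dependencies).sort()) {
      const childPath = path.concat(name);
      if (ignore.has(name)) {
        removed.push(childPath.join(' > '));
        continue; // drops the module and its whole subtree
      }
      copy.dependencies[name] = walk(node.dependencies[name], childPath);
    }
    return copy;
  }

  return { pruned: walk(shrinkwrap, []), removed };
}

// Constructed sample input (not a real project's shrinkwrap file).
const sample = {
  name: 'demo-app',
  version: '1.0.0',
  dependencies: {
    chokidar: {
      version: '1.6.1',
      dependencies: {
        fsevents: { version: '1.0.15', dependencies: { nan: { version: '2.4.0' } } },
        anymatch: { version: '1.3.0' }
      }
    },
    fsevents: { version: '1.0.15' },
    lodash: { version: '4.17.2' }
  }
};

const result = pruneIgnored(sample, ['fsevents']);
console.log(JSON.stringify(result.pruned, null, 2));
console.log('removed:', result.removed);
```

Diffing the `removed` list in code review shows exactly which modules a given --ignore flag takes out of the pinned set.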