author Kat Marchán <kzm@sykosomatic.org> 2017-05-28 21:04:08 -0700
committer Anna Henningsen <anna@addaleax.net> 2017-05-29 18:06:04 +0200
commit c58cea5a163cd5d7133e00fdf257325ce3807c09
tree 1b7f97c0474f1990450a54e82b4432ec37de1956 /deps/npm/html/doc/cli/npm-shrinkwrap.html
parent 88fe7e84e56e44a727169c07ee040cbf67f9c0a8
deps: upgrade npm to 5.0.0
PR-URL: https://github.com/nodejs/node/pull/13276
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Diffstat (limited to 'deps/npm/html/doc/cli/npm-shrinkwrap.html')
-rw-r--r-- deps/npm/html/doc/cli/npm-shrinkwrap.html 159
1 files changed, 10 insertions, 149 deletions
diff --git a/deps/npm/html/doc/cli/npm-shrinkwrap.html b/deps/npm/html/doc/cli/npm-shrinkwrap.html
index 53592eabe8..a1809977c5 100644
--- a/deps/npm/html/doc/cli/npm-shrinkwrap.html
+++ b/deps/npm/html/doc/cli/npm-shrinkwrap.html
@@ -9,163 +9,24 @@
<body>
<div id="wrapper">
-<h1><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap</a></h1> <p>Lock down dependency versions</p>
+<h1><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap</a></h1> <p>Lock down dependency versions for publication</p>
<h2 id="synopsis">SYNOPSIS</h2>
<pre><code>npm shrinkwrap
</code></pre><h2 id="description">DESCRIPTION</h2>
-<p>This command locks down the versions of a package&#39;s dependencies so
-that you can control exactly which versions of each dependency will be
-used when your package is installed. The <code>package.json</code> file is still
-required if you want to use <code>npm install</code>.</p>
-<p>By default, <code>npm install</code> recursively installs the target&#39;s
-dependencies (as specified in <code>package.json</code>), choosing the latest
-available version that satisfies the dependency&#39;s semver pattern. In
-some situations, particularly when shipping software where each change
-is tightly managed, it&#39;s desirable to fully specify each version of
-each dependency recursively so that subsequent builds and deploys do
-not inadvertently pick up newer versions of a dependency that satisfy
-the semver pattern. Specifying specific semver patterns in each
-dependency&#39;s <code>package.json</code> would facilitate this, but that&#39;s not always
-possible or desirable, as when another author owns the npm package.
-It&#39;s also possible to check dependencies directly into source control,
-but that may be undesirable for other reasons.</p>
-<p>As an example, consider package A:</p>
-<pre><code>{
- &quot;name&quot;: &quot;A&quot;,
- &quot;version&quot;: &quot;0.1.0&quot;,
- &quot;dependencies&quot;: {
- &quot;B&quot;: &quot;&lt;0.1.0&quot;
- }
-}
-</code></pre><p>package B:</p>
-<pre><code>{
- &quot;name&quot;: &quot;B&quot;,
- &quot;version&quot;: &quot;0.0.1&quot;,
- &quot;dependencies&quot;: {
- &quot;C&quot;: &quot;&lt;0.1.0&quot;
- }
-}
-</code></pre><p>and package C:</p>
-<pre><code>{
- &quot;name&quot;: &quot;C&quot;,
- &quot;version&quot;: &quot;0.0.1&quot;
-}
-</code></pre><p>If these are the only versions of A, B, and C available in the
-registry, then a normal <code>npm install A</code> will install:</p>
-<pre><code>A@0.1.0
-`-- B@0.0.1
- `-- C@0.0.1
-</code></pre><p>However, if B@0.0.2 is published, then a fresh <code>npm install A</code> will
-install:</p>
-<pre><code>A@0.1.0
-`-- B@0.0.2
- `-- C@0.0.1
-</code></pre><p>assuming the new version did not modify B&#39;s dependencies. Of course,
-the new version of B could include a new version of C and any number
-of new dependencies. If such changes are undesirable, the author of A
-could specify a dependency on B@0.0.1. However, if A&#39;s author and B&#39;s
-author are not the same person, there&#39;s no way for A&#39;s author to say
-that he or she does not want to pull in newly published versions of C
-when B hasn&#39;t changed at all.</p>
-<p>In this case, A&#39;s author can run</p>
-<pre><code>npm shrinkwrap
-</code></pre><p>This generates <code>npm-shrinkwrap.json</code>, which will look something like this:</p>
-<pre><code>{
- &quot;name&quot;: &quot;A&quot;,
- &quot;version&quot;: &quot;0.1.0&quot;,
- &quot;dependencies&quot;: {
- &quot;B&quot;: {
- &quot;version&quot;: &quot;0.0.1&quot;,
- &quot;from&quot;: &quot;B@^0.0.1&quot;,
- &quot;resolved&quot;: &quot;https://registry.npmjs.org/B/-/B-0.0.1.tgz&quot;,
- &quot;dependencies&quot;: {
- &quot;C&quot;: {
- &quot;version&quot;: &quot;0.0.1&quot;,
- &quot;from&quot;: &quot;org/C#v0.0.1&quot;,
- &quot;resolved&quot;: &quot;git://github.com/org/C.git#5c380ae319fc4efe9e7f2d9c78b0faa588fd99b4&quot;
- }
- }
- }
- }
-}
-</code></pre><p>The shrinkwrap command has locked down the dependencies based on what&#39;s
-currently installed in <code>node_modules</code>. The installation behavior is changed to:</p>
-<ol>
-<li><p>The module tree described by the shrinkwrap is reproduced. This means
-reproducing the structure described in the file, using the specific files
-referenced in &quot;resolved&quot; if available, falling back to normal package
-resolution using &quot;version&quot; if one isn&#39;t.</p>
-</li>
-<li><p>The tree is walked and any missing dependencies are installed in the usual fashion.</p>
-</li>
-</ol>
-<p>If <code>preshrinkwrap</code>, <code>shrinkwrap</code> or <code>postshrinkwrap</code> are in the <code>scripts</code> property of the
-<code>package.json</code>, they will be executed by running <code>npm shrinkwrap</code>.
-<code>preshrinkwrap</code> and <code>shrinkwrap</code> are executed before the shrinkwrap, <code>postshrinkwrap</code> is
-executed afterwards. For example to run some postprocessing on the generated file:</p>
-<pre><code>&quot;scripts&quot;: { &quot;postshrinkwrap&quot;: &quot;node fix-shrinkwrap.js&quot; }
-</code></pre><h3 id="using-shrinkwrapped-packages">Using shrinkwrapped packages</h3>
-<p>Using a shrinkwrapped package is no different than using any other
-package: you can <code>npm install</code> it by hand, or add a dependency to your
-<code>package.json</code> file and <code>npm install</code> it.</p>
-<h3 id="building-shrinkwrapped-packages">Building shrinkwrapped packages</h3>
-<p>To shrinkwrap an existing package:</p>
-<ol>
-<li>Run <code>npm install</code> in the package root to install the current
-versions of all dependencies.</li>
-<li>Validate that the package works as expected with these versions.</li>
-<li>Run <code>npm shrinkwrap</code>, add <code>npm-shrinkwrap.json</code> to git, and publish
-your package.</li>
-</ol>
-<p>To add or update a dependency in a shrinkwrapped package:</p>
-<ol>
-<li>Run <code>npm install</code> in the package root to install the current
-versions of all dependencies.</li>
-<li>Add or update dependencies. <code>npm install --save</code> or <code>npm install --save-dev</code>
-each new or updated package individually to update the <code>package.json</code> and
-the shrinkwrap. Note that they must be explicitly named in order to be
-installed: running <code>npm install</code> with no arguments will merely reproduce
-the existing shrinkwrap.</li>
-<li>Validate that the package works as expected with the new
-dependencies.</li>
-<li>Commit the new <code>npm-shrinkwrap.json</code>, and publish your package.</li>
-</ol>
-<p>You can use <a href="../cli/npm-outdated.html">npm-outdated(1)</a> to view dependencies with newer versions
-available.</p>
-<h3 id="other-notes">Other Notes</h3>
-<p>A shrinkwrap file must be consistent with the package&#39;s <code>package.json</code>
-file. <code>npm shrinkwrap</code> will fail if required dependencies are not
-already installed, since that would result in a shrinkwrap that
-wouldn&#39;t actually work. Similarly, the command will fail if there are
-extraneous packages (not referenced by <code>package.json</code>), since that would
-indicate that <code>package.json</code> is not correct.</p>
-<p>Starting with npm v4.0.1, <code>devDependencies</code> are included when you run
-<code>npm shrinkwrap</code> and follow the usual rules as to when they&#39;re installed.
-As of npm v3.10.8, if you run <code>npm install --only=production</code> or
-<code>npm install --production</code> with a shrinkwrap including your development
-dependencies they won&#39;t be installed. Similarly, if the environment
-variable <code>NODE_ENV</code> is <code>production</code> then they won&#39;t be installed. If you
-need compatibility with versions of npm prior to v3.10.8 or otherwise
-don&#39;t want them in your shrinkwrap you can exclude development
-dependencies with:
-<code>npm shrinkwrap --only=prod</code> or <code>npm shrinkwrap --production</code>.</p>
-<p>If shrinkwrapped package A depends on shrinkwrapped package B, B&#39;s
-shrinkwrap will not be used as part of the installation of A. However,
-because A&#39;s shrinkwrap is constructed from a valid installation of B
-and recursively specifies all dependencies, the contents of B&#39;s
-shrinkwrap will implicitly be included in A&#39;s shrinkwrap.</p>
-<h3 id="caveats">Caveats</h3>
-<p>If you wish to lock down the specific bytes included in a package, for
-example to have 100% confidence in being able to reproduce a
-deployment or build, then you ought to check your dependencies into
-source control, or pursue some other mechanism that can verify
-contents rather than versions.</p>
+<p>This command repurposes <code>package-lock.json</code> into a publishable
+<code>npm-shrinkwrap.json</code> or simply creates a new one. The file created and updated
+by this command will then take precedence over any other existing or future
+<code>package-lock.json</code> files. For a detailed explanation of the design and purpose
+of package locks in npm, see <a href="../files/npm-package-locks.html">npm-package-locks(5)</a>.</p>
<h2 id="see-also">SEE ALSO</h2>
<ul>
<li><a href="../cli/npm-install.html">npm-install(1)</a></li>
<li><a href="../cli/npm-run-script.html">npm-run-script(1)</a></li>
<li><a href="../misc/npm-scripts.html">npm-scripts(7)</a></li>
<li><a href="../files/package.json.html">package.json(5)</a></li>
+<li><a href="../files/npm-package-locks.html">npm-package-locks(5)</a></li>
+<li><a href="../files/package-lock.json.html">package-lock.json(5)</a></li>
+<li><a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a></li>
<li><a href="../cli/npm-ls.html">npm-ls(1)</a></li>
</ul>
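Review bot: The replacement DESCRIPTION paragraph drops the removed Caveats section, which told readers that a shrinkwrap pins versions rather than bytes and that they need "some other mechanism that can verify contents rather than versions", and nothing in the added lines says whether that limitation still holds for the new lock file. The same goes for the removed notes on the preshrinkwrap, shrinkwrap and postshrinkwrap scripts and on excluding devDependencies with "npm shrinkwrap --only=prod", even though SEE ALSO still links npm-run-script(1) and npm-scripts(7). Please either keep a one-sentence statement of each behaviour here or confirm that npm-package-locks(5) and npm-shrinkwrap.json(5) cover them. Also, "or simply creates a new one" is ambiguous between a new npm-shrinkwrap.json and a new package-lock.json; naming the file would remove the doubt.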
@@ -180,5 +41,5 @@ contents rather than versions.</p>
<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
<tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
</table>
-<p id="footer">npm-shrinkwrap &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-shrinkwrap &mdash; npm@5.0.0</p>