angular-cn/npm-shrinkwrap.readme.md

3.1 KiB

All of our npm dependencies are locked via the npm-shrinkwrap.json file for the following reasons:

  • our project has lots of dependencies which update at unpredictable times, so it's important that we update them explicitly once in a while rather than implicitly when any of us runs npm install
  • locked dependencies allow us to do reuse npm cache on travis, significantly speeding up our builds (by 5 minutes or more)
  • locked dependencies allow us to detect when node_modules folder is out of date after a branch switch which allows us to build the project with the correct dependencies every time

We also generate npm-shrinkwrap.clean.js file which is used during code reviews or debugging to easily review what has actually changed without extra noise.

To add a new dependency do the following:

  1. if you are on linux or windows, then use MacOS or ask someone with MacOS to perform the installation. This is due to an optional fsevents dependency that is really required on MacOS to get good performance from file watching.
  2. make sure you are in sync with upstream/master
  3. ensure that your node_modules directory is not stale by running npm install
  4. add a new dependency via npm install --save-dev <packagename>
  5. run ./tools/npm/reshrinkwrap
  6. these steps should change 3 files: package.json, npm-shrinkwrap.json and npm-shrinkwrap.clean.json
  7. commit changes to these three files and you are done

To update existing dependency do the following:

  1. if you are on linux or windows, then use MacOS or ask someone with MacOS to perform the installation. This is due to an optional fsevents dependency that is really required on MacOS to get good performance from file watching.
  2. make sure you are in sync with upstream/master: git fetch upstream && git rebase upstream/master
  3. ensure that your node_modules directory is not stale by running npm install
  4. run npm install --save-dev <packagename>@<version|latest> or npm update <packagename> to update to the latest version that matches version constraint in package.json
  5. run ./tools/npm/reshrinkwrap
  6. these steps should change 2 files: npm-shrinkwrap.json and npm-shrinkwrap.clean.json. Optionally if you used npm install ... in the first step, package.json might be modified as well.
  7. commit changes to these three files and you are done

To Remove an existing dependency do the following:

  1. if you are on linux or windows, then use MacOS or ask someone with MacOS to perform the installation. This is due to an optional fsevents dependency that is really required on MacOS to get good performance from file watching.
  2. make sure you are in sync with upstream/master: git fetch upstream && git rebase upstream/master
  3. ensure that your node_modules directory is not stale by running npm install
  4. run npm uninstall --save-dev <packagename>@<version|latest>
  5. run ./tools/npm/reshrinkwrap
  6. these steps should change 3 files: npm-shrinkwrap.json and npm-shrinkwrap.clean.json.
  7. commit changes to these three files and you are done