All of our npm dependencies are locked via the `npm-shrinkwrap.json` file for the following reasons:

- our project has lots of dependencies which update at unpredictable times, so it's important that
  we update them explicitly once in a while rather than implicitly when any of us runs `npm install`
- locked dependencies allow us to reuse the npm cache on Travis, significantly speeding up our builds
  (by 5min or more)
- locked dependencies allow us to detect when the `node_modules` folder is out of date after a branch switch,
  which allows us to build the project with the correct dependencies every time

However, npm's shrinkwrap is known to be buggy, so we need to take some extra steps to deal with this.
The most important step is generating the `npm-shrinkwrap.clean.json` file, which is used during code reviews
or debugging to easily review what has actually changed.
See https://github.com/npm/npm/issues/3581 for the related npm issue. A common symptom is that the `from` property of various dependencies in `npm-shrinkwrap.json` "arbitrarily" changes depending on when and where the shrinkwrap command was run.

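The review problem described above (a `from` field that changes while the locked versions do not) can be checked mechanically. The following is an added example, not the project's `tools/npm/clean-shrinkwrap.js`; it assumes each shrinkwrap entry carries `version`, `from`, `resolved` and a nested `dependencies` map, and its package names, versions and URLs are constructed.

```javascript
// Added example, not the project's tools/npm/clean-shrinkwrap.js. Assumption: each
// entry has `version`, `from`, `resolved` and an optional `dependencies` map.

// Copy an entry without its unstable `from` field, with sorted keys.
function cleanNode(node) {
  const out = {};
  for (const key of Object.keys(node).sort()) {
    if (key === 'from') continue; // varies with when and where shrinkwrap ran
    out[key] = key === 'dependencies' ? cleanDeps(node[key]) : node[key];
  }
  return out;
}

// Keys here are package names, so a package itself called "from" is kept.
function cleanDeps(deps) {
  const out = {};
  for (const name of Object.keys(deps).sort()) out[name] = cleanNode(deps[name]);
  return out;
}

// Flatten the tree to "parent > child" -> "version resolved-url".
function flatten(node, prefix, acc) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = prefix ? `${prefix} > ${name}` : name;
    acc[path] = `${dep.version} ${dep.resolved || ''}`.trim();
    flatten(dep, path, acc);
  }
  return acc;
}

// List entries whose version or download URL differs between two lock files.
function reviewDiff(before, after) {
  const a = flatten(before, '', {});
  const b = flatten(after, '', {});
  const paths = [...new Set([...Object.keys(a), ...Object.keys(b)])].sort();
  return paths
    .filter((p) => a[p] !== b[p])
    .map((p) => `${p}: ${a[p] || '(absent)'} -> ${b[p] || '(absent)'}`);
}

// Constructed sample data (hypothetical packages, versions and URLs).
const before = { name: 'app', dependencies: {
  'example-a': { version: '1.0.0', from: 'example-a@^1.0.0',
    resolved: 'https://registry.example/example-a-1.0.0.tgz',
    dependencies: { from: { version: '0.1.0', from: 'from@~0.1.0' } } },
  'example-b': { version: '2.0.0', from: 'example-b@2.0.0' } } };
const after = JSON.parse(JSON.stringify(before));
after.dependencies['example-a'].from = 'example-a@1.0.0'; // noise only
after.dependencies['example-b'].version = '2.0.1';        // real change
console.log(reviewDiff(before, after));
```

A `resolved` URL that changes while the version stays the same is also reported, which is worth a closer look during review.
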
To add a new dependency do the following:

1. if you are on Linux or Windows, then use MacOS or ask someone with MacOS to perform the installation. This is due to an optional `fsevents` dependency that is really required on MacOS to get good performance from file watching.
2. make sure you are in sync with `upstream/master`
3. ensure that your `node_modules` directory is not stale or poisoned by doing a clean install with `rm -rf node_modules && npm install`
4. add a new dependency via `npm install -D <packagename>`
5. update `npm-shrinkwrap.json` with `npm shrinkwrap --dev` (see note below about the `minichain` issue)
6. run `./tools/npm/clean-shrinkwrap.js`
7. these steps should change 3 files: `package.json`, `npm-shrinkwrap.json` and `npm-shrinkwrap.clean.json`
8. commit changes to these three files and you are done

To update an existing dependency do the following:

1. if you are on Linux or Windows, then use MacOS or ask someone with MacOS to perform the installation. This is due to an optional `fsevents` dependency that is really required on MacOS to get good performance from file watching.
2. make sure you are in sync with `upstream/master`: `git fetch upstream && git rebase upstream/master`
3. ensure that your `node_modules` directory is not stale or poisoned by doing a clean install with `rm -rf node_modules && npm install`
4. run `npm install -D <packagename>@<version|latest>` or `npm update <packagename>` to update to the latest version that matches the version constraint in `package.json`
5. relock the dependencies with `npm shrinkwrap --dev` (see note below about the `minichain` issue)
6. clean up the shrinkwrap file for review with `./tools/npm/clean-shrinkwrap.js`
7. these steps should change 2 files: `npm-shrinkwrap.json` and `npm-shrinkwrap.clean.json`. Optionally if you used `npm install ...` in the first step, `package.json` might be modified as well
8. commit changes to these three files and you are done

=== Note about `minichain` dependency ===

Due to https://github.com/Bartvds/minitable/issues/2, we need to do an extra dance with `tsd` and its transitive dependency `minitable` whenever we update our shrinkwrap file.

1. Manually patch `node_modules/tsd/node_modules/minitable/package.json` and remove `minichain` from the `peerDependencies` section.

   before:

   ```
   "peerDependencies": {
     "minichain": "~X.Y.Z",
     ...
   },
   ```

   after:

   ```
   "peerDependencies": {
     ...
   },
   ```

2. Then delete the `minichain` directory: `rm -rf node_modules/tsd/node_modules/minichain`.

Afterwards resume the shrinkwrap update and cleaning steps.