Locking ALL versions for npm

October 01, 2014

I have experienced a lot of pain with npm modules over the past year or so. I would largely attribute my pain to three main things:

  • The number of modules
  • The number of dependencies per module
  • The frequency at which modules change

Today, I was listening to JavaScript Jabber episode 127 and they mentioned a feature of npm of which I was not aware, but is a total game changer. The npm command shrinkwrap will create a file called npm-shrinkwrap.json which will ‘lock-in’ every version of every one of your npm dependencies as well as your dependencies’ dependencies and so on down the chain. When you have an npm-shrinkwrap.json file in addition to your package.json file an npm install will use the dependencies listed in npm-shrinkwrap.json instead of re-resolving the whole dependency tree again based on your package.json file as well as the package.json file for all of your dependencies and their dependencies.

This is a great feature, I wish I would have known about it a year ago. This will definitely help resolve a lot of issues for me personally.

Education consists mainly of what we have unlearned. - Mark Twain