Tuesday, 6 June 2017

NPM and npm-shrinkwrap to control transient dependency

Background

I can't seem to get npm-shrinkwrap to work. I am currently using a leaflet plugin called leaflet.zoomslider which has a dependency on leaflet 0.7.7. I am trying to upgrade my app to use leafet@1.0.3. Since zoomslider brings in 0.7.7 and I am importing leaflet 1.0.3 both libraries are imported (ultimately 0.7.7 will be imported last and will trump 1.0.3 in my situation)

zoomslider seems to work fine with 1.0.3 and I have already submitted a bug to the library owner to update their package.json file.

Problem

After some googling I found npm-shrinkwrap. I performed the following

npm install -g npm-shrinkwrap

npm install

npm shrinkwrap

This successfully created my npm-shrinkwrap.json file. To force the transient dependency of leaflet to be 1.0.3 I edited my npm-shrinkwrap.json file manually

leaflet.zoomslider: { version: 0.7.0, from: leaflet.zoomslider@0.7.0, resolved: ... dependencies: { leaflet: { version: 1.0.3 from: leaflet@1.0.3, resolved: ...... } } }

I removed my node_modules folder, npm installed again and noticed that my app is still bringing in both 0.7.7 and 1.0.3 leaflet. In fact, I removed my node_modules folder and gave both zoomslider and the transient leaflet dependencies bogus version numbers in the npm-shrinkwrap.json file and the npm install completed successfully with no errors.

Any thoughts?



via Matthew Kirkley

No comments:

Post a Comment