Skip to content

fix: remove package-lock before generating npm-shrinkwrap file #518

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hugomrdias merged 1 commit into from
Feb 14, 2020
Merged

fix: remove package-lock before generating npm-shrinkwrap file #518

hugomrdias merged 1 commit into from
Feb 14, 2020

Conversation

@achingbrain
Copy link
Member

@achingbrain achingbrain commented Feb 13, 2020
edited
Loading

npm shrinkwrap renames your package-lock.json if present, this includes project dev deps which npm seems to be installing even though the published module with the shrinkwrap file is a dependency.

If we install with the --production flag, then remove the package-lock.json file and then run shrinkwrap, no dev deps are included in the shrinkwrap file.

This only affects npm, yarn seems to do the right thing.

Fixes #516

@achingbrain
fix: remove package-lock before generating npm-shrinkwrap file
d2fa7e4 
`npm shrinkwrap` renames your `package-lock.json` if present, this
includes project dev deps which npm seems to be installing even
though the published module with the shrinkwrap file is a dependency.

If we install with the `--production` flag, then remove the
`package-lock.json` file and *then* run shrinkwrap, no dev deps are
included in the shrinkwrap file.

This only affects npm, yarn seems to do the right thing.

Fixes #516
alanshaw
alanshaw approved these changes Feb 13, 2020
View reviewed changes
Copy link
Member

@alanshaw alanshaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, we should get this merged asap and get a patch release out on 0.41.

@alanshaw alanshaw mentioned this pull request Feb 14, 2020
Merged
@hugomrdias hugomrdias merged commit 02fc308 into master Feb 14, 2020
@hugomrdias hugomrdias deleted the omit-dev-deps-from-shrinkwrap branch February 14, 2020 11:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alanshaw alanshaw alanshaw approved these changes

+1 more reviewer

@hugomrdias hugomrdias hugomrdias approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Omit dev deps from shrinkwrap/yarn.lock

4 participants

@achingbrain @alanshaw @hugomrdias