Latest stable "cookie-session" dependency not satisfied

[marcfallows]

Hello, I've just tried upgrading to the latest stable (0.6.3) and am not having any luck when I try to start the blog.

I think there may be an issue with the dependency not being listed in the npm-shrinkwrap.json. I noticed in previous stable releases this file is updated.

Note: I have done an npm install so the error message does not help fixing the issue.

>npm start

> ghost@0.6.3 start C:\Users\Marc\Work\trishadvisor.com\ghost
> node index

ERROR: Ghost is unable to start due to missing dependencies:
  Cannot find module 'cookie-session'

Please run `npm install --production` and try starting Ghost again.
Help and documentation can be found at http://support.ghost.org.

[ErisDS]

Hi there @marcfallows thanks for the detailed report.

Not sure how but the commit to add the new shrinkwrap file was missing from stable. I must've missed something during the release process, sorry! Have fixed it now :)

[marcfallows]

Thanks @ErisDS, looks good now.

That did make me wonder though: All of the version tags (say, 0.6.2) are set before the npm-shrinkwrap commit. That means if I were to pull a specific tag to run a specific version, the blog would not work (npm start would likely fail due to missing dependencies).

Or, am I missing something about how the stable release branch works. Perhaps there needs to be version tags as well: 0.6.2-release?

[ErisDS]

The tags point to master, not stable. The stable branch is a nicety we provide for people installing from git, so that upgrading becomes a matter of pulling. I know from other projects keeping the shrinkwrap file in master is a nightmare, so this is the difference between the two.

Honestly, I'd rather have no one installing from git at all except contributors - it's always where people get stuck & need support, so I don't think doing more things to encourage it is the right thing at this point in the project.

[marcfallows]

What workflow would you recommend then for someone running Ghost with some customizations? I've been using GitHub for deployment. Should I be merging my changes with the master branch version tag instead?

Or, is there some other recommended best practice for this type of scenario?

[ErisDS]

There is no recommended best practice for working with a hacked version of Ghost. I don't mean to be glib, but if you're hacking core it really is up to you to find a workflow that works for you ;)

[tonglil]

Installing Ghost (during upgrade from 0.6.0 to 0.6.4) using the zip from the officialwebsite also yields this error, when trying to start the server.

Had to manually npm install cookie-session.

[ErisDS]

The cookie-session dependency is definitely present in the npm-shrinkwrap.json file included in the 0.6.4 zip file (you can search for it to verify). Did you copy across the new npm-shrinkwrap.json during the upgrade process?

[tonglil]

Ah, you're right!

When I followed the install instructions during the unzip, it didn't overwrite the existing files from 0.6.0 so when npm install --production it didn't update the project dependencies.

I had expected it to overwrite existing files since the upgrade to 0.5.10 did so.

Thanks!

On Jul 5, 2015, at 11:53 AM, Hannah Wolfe notifications@github.com wrote:

The cookie-session dependency is definitely present in the npm-shrinkwrap.json file included in the 0.6.4 zip file (you can search for it to verify). Did you copy across the new npm-shrinkwrap.json during the upgrade process?

— Reply to this email directly or view it on GitHub.