Open dtgriscom opened 7 years ago
Not 100% sure, but I think npmbox
will respect shrinkwrap files. Might reasonably be considered a bug if not.
[Note: I'm a contributor to the project, but not the leader of it.]
I just checked, and it doesn't seem to. Test:
npm-shrinkwrap.json
file, specifying abbrev
version 1.0.9 (among many other packages)npmbox abbrev
npmbox
packaged version 1.0.9 of abbrev
It would be good if npmbox
did respect versions in an npm-shrinkwrap.json
file (or had some other mechanism for doing the equivalent).
I'm using
npmbox
to download and archive packages to be later installed for my project. But, I can only specify the versions for the 13 primary dependencies in mypackage.json
; the 176 total sub-dependencies are free to change at will (subject to the sometimes arbitrary version specs of the parent packages).With
npm
I can shrinkwrap the versions of all the packages once they've been installed, but then I can't archive them that way. I believe usingnpmbox
is just like un-shrinkwrappednpm
, where dependency package versions can change each time I usenpmbox
. (Yes, once I've wrapped it all in a.npmbox
archive the versions won't change, but if I ever want to update a single package I'll have to take whatever sub-dependency versions get downloaded.)Am I right that there's no current way with
npmbox
to be precise about a sub-dependency's version? Is there any way I can end up with a.npmbox
archive holding an exactly specified set of packages, sub-versions included?