Javascript applications (not libraries) should publish a npm-shrinkwrap file in the npm package, so when it's installed it downloads the exact same packages every time, without relying on package resolution as specified in the package.json.
✔️ Solution
We are using a monorepo with pnpm.
npm shrinkwrap is a command that is unaware of monorepos.
Analyze how to do it correctly.
📈 Subtasks
[ ] research how to properly generate a shrink-wrap file for the CLI
[ ] change the publishing to include the shrinkwrap
🎯 Definition of Done
[ ] the exact same dependencies are installed every time for a CLI version
📚 Context
Javascript applications (not libraries) should publish a npm-shrinkwrap file in the npm package, so when it's installed it downloads the exact same packages every time, without relying on package resolution as specified in the
package.json
.✔️ Solution
We are using a monorepo with pnpm. npm shrinkwrap is a command that is unaware of monorepos. Analyze how to do it correctly.
📈 Subtasks
🎯 Definition of Done