Using NPM shrinkwrap allows the whole dependency tree to be pinned so that when deploying we can be more confident that a package change won't then cause a broken build.
This was previously done during 9cd55550b649987632a8646c08826f462b4e68f7 but Azure doesn't yet support NPM v4 which patches an issue with using shrinkwrap.
The commit and pull request that undid this is: #205
Code climate
Would also be good to revert the commit that removes nodesecurity from codeclimate (2ef525ee0a8717fe80a27eeeea36d975b40597b6)
Using NPM shrinkwrap allows the whole dependency tree to be pinned so that when deploying we can be more confident that a package change won't then cause a broken build.
This was previously done during 9cd55550b649987632a8646c08826f462b4e68f7 but Azure doesn't yet support NPM v4 which patches an issue with using shrinkwrap.
The commit and pull request that undid this is: #205
Code climate
Would also be good to revert the commit that removes nodesecurity from codeclimate (2ef525ee0a8717fe80a27eeeea36d975b40597b6)