Closed ghost closed 1 year ago
Hmm, i'm not in the habit of checking in node_modules -- could we simply drop that? What's the stronger convention?
This patch unstages the node_modules
directory so it is no longer checked in. Instead, it uses the npm shrinkwrap
command to generate an exact list of dependency versions.
+1
I'm not entirely sure about this change myself, so feedback would be good.
The instructions for installation tell people to run
npm install
, but thenode_modules/
directory is checked into git, sogit diff
shows pages and pages of changes right away because newer versions of dependencies compatible with the semver ranges are available upstream.I think it might be better to use the
npm shrinkwrap
feature, so that when people usenpm install
they will get exactly the same versions to help future-proof the application in a similar way as checking in thenode_modules
directory but without all the noise ingit diff
andgit status
. Checking innode_modules
can also be problematic for binary dependencies like thekerberos
package used bymongoose
.This patch adds an
npm-shrinkwrap.json
file (built with npm version 3, should work in older versions too) and unstages thenode_modules
directory so that when people donpm install
they will get versions known to work with the application but in a way that creates less hassle with git.