jywarren
commented
9 years ago Hmm, i'm not in the habit of checking in node_modules -- could we simply drop that? What's the stronger convention?
Closed ghost closed 1 year ago
jywarren
commented
9 years ago Hmm, i'm not in the habit of checking in node_modules -- could we simply drop that? What's the stronger convention?
ghost
commented
9 years ago This patch unstages the node_modules directory so it is no longer checked in. Instead, it uses the npm shrinkwrap command to generate an exact list of dependency versions.
jywarren
commented
9 years ago +1
I'm not entirely sure about this change myself, so feedback would be good.
The instructions for installation tell people to run
npm install, but thenode_modules/directory is checked into git, sogit diffshows pages and pages of changes right away because newer versions of dependencies compatible with the semver ranges are available upstream.I think it might be better to use the
npm shrinkwrapfeature, so that when people usenpm installthey will get exactly the same versions to help future-proof the application in a similar way as checking in thenode_modulesdirectory but without all the noise ingit diffandgit status. Checking innode_modulescan also be problematic for binary dependencies like thekerberospackage used bymongoose.This patch adds an
npm-shrinkwrap.jsonfile (built with npm version 3, should work in older versions too) and unstages thenode_modulesdirectory so that when people donpm installthey will get versions known to work with the application but in a way that creates less hassle with git.