Open strugee opened 6 years ago
I think maybe a good way to do this is to run a Travis cronjob that runs npm update --depth=9999
and then runs unit tests. If the unit tests pass (i.e. integration is ok) then it would commit a package-lock.json
update. When it comes time to release we'd just generate a shrinkwrap file from the existing lockfile.
So, this is now committed to the repository. Leaving open for the Travis automation part of this.
We should probably start shipping an
npm-shrinkwrap.json
file in production builds. This will also help with reproducible builds (#1505).