search

pump-io / pump.io

Social server with an ActivityStreams API
http://pump.io/
Apache License 2.0
2.21k stars 332 forks source link

npm-shrinkwrap.json #1506

Open strugee opened 6 years ago

strugee commented 6 years ago

We should probably start shipping an npm-shrinkwrap.json file in production builds. This will also help with reproducible builds (#1505).

strugee commented 6 years ago

I think maybe a good way to do this is to run a Travis cronjob that runs npm update --depth=9999 and then runs unit tests. If the unit tests pass (i.e. integration is ok) then it would commit a package-lock.json update. When it comes time to release we'd just generate a shrinkwrap file from the existing lockfile.

strugee commented 6 years ago

So, this is now committed to the repository. Leaving open for the Travis automation part of this.