redbooth / npm-shrinkwrap-check

Util to check that package.json and npm-shrinkwrap.json are in sync.

Errors after clean install #12

Open joscha opened 8 years ago

joscha commented 8 years ago

After a clean install of https://bitbucket.org/atlassian/atlaskit

I still get:

package.json and npm-shrinkwrap.json out of sync
 * incremental-dom found in package.json but not in npm-shrinkwrap.json
 * readline-sync found in package.json but not in npm-shrinkwrap.json
 * detective found in package.json but not in npm-shrinkwrap.json
 * jstransform found in package.json but not in npm-shrinkwrap.json
 * base62 found in package.json but not in npm-shrinkwrap.json
 * commoner found in package.json but not in npm-shrinkwrap.json
 * envify found in package.json but not in npm-shrinkwrap.json
 * @kadira/react-split-pane found in npm-shrinkwrap.json but not in package.json
 * @kadira/storybook-ui found in npm-shrinkwrap.json but not in package.json
 * airbnb-js-shims found in npm-shrinkwrap.json but not in package.json
 * babel-polyfill found in npm-shrinkwrap.json but not in package.json
 * cjson found in npm-shrinkwrap.json but not in package.json
 * deep-equal found in npm-shrinkwrap.json but not in package.json
 * fuzzysearch found in npm-shrinkwrap.json but not in package.json
 * keycode found in npm-shrinkwrap.json but not in package.json
 * lodash.pick found in npm-shrinkwrap.json but not in package.json
 * mantra-core found in npm-shrinkwrap.json but not in package.json
 * npm-registry-client found in npm-shrinkwrap.json but not in package.json
 * page-bus found in npm-shrinkwrap.json but not in package.json
 * react-fuzzy found in npm-shrinkwrap.json but not in package.json
 * react-inspector found in npm-shrinkwrap.json but not in package.json
 * react-modal found in npm-shrinkwrap.json but not in package.json
 * redbox-react found in npm-shrinkwrap.json but not in package.json
 * redux found in npm-shrinkwrap.json but not in package.json
 * stack-source-map found in npm-shrinkwrap.json but not in package.json
 * webpack-hot-middleware found in npm-shrinkwrap.json but not in package.json

after running npm-shrinkwrap-check -3. Shouldn't this report green after a clean node_modules folder with a fresh install? I can't really make sense of the errors - it seems like a mix of dev dependencies?

Morantron commented 8 years ago

Looks like messages when running with the -3 flag need to be improved, since they are quite misleading.

The thing is that when running with npm3 support enabled we cannot just diff npm-shrinkwrap.json and package.json, because of the flat dependencies structure. In order to find out if a shrinkwrapped dependency is really in package.json (or required by one of the package.json dependencies), I need to walk the node_modules folder and check that myself.

Looks like in the atlaskit repo, some dependencies are contained under a packages folder, so things get trickier. I'm not very familiar with lerna and I'm not sure how it works, but I tried to regenerate the npm-shrinkwrap.json file and that doesn't work either. Why is that?

We have a similar structure where we have some sort of submodules within our main app. One workaround could be to shrinkwrap each of these submodules independently.
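
Added example, not part of the thread and not the npm-shrinkwrap-check source: a sketch of the node_modules walk described in the comment above, which treats a top-level shrinkwrap entry as legitimate only if it is reachable from package.json through installed dependencies. The function names, the `includeDev` switch and the in-memory sample tree are assumptions made for illustration.

```javascript
const fs = require('fs');
const path = require('path').posix;
// Default reader: parse <dir>/package.json from disk, null if absent.
function readManifestFromDisk(dir) {
  try { return JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8')); }
  catch (e) { return null; }
}

// Node-style lookup: try <dir>/node_modules/<name>, then each parent up to root.
function resolveDep(name, fromDir, rootDir, readManifest) {
  for (let dir = fromDir; ; dir = path.dirname(dir)) {
    const candidate = path.join(dir, 'node_modules', name);
    if (readManifest(candidate)) return candidate;
    if (dir === rootDir || dir === path.dirname(dir)) return null;
  }
}

// Compare top-level shrinkwrap entries with what package.json can reach.
function checkSync(rootDir, shrinkwrap, readManifest = readManifestFromDisk, includeDev = false) {
  const root = readManifest(rootDir);
  const declared = Object.keys(Object.assign({}, root.dependencies,
    includeDev ? root.devDependencies : {}));
  const reachable = new Set(), visited = new Set();
  const queue = declared.map(name => ({ name, from: rootDir }));
  while (queue.length) {
    const { name, from } = queue.shift();
    const dir = resolveDep(name, from, rootDir, readManifest);
    if (!dir) continue;              // not installed, nothing to walk
    reachable.add(name);
    if (visited.has(dir)) continue;  // already expanded (also breaks cycles)
    visited.add(dir);
    for (const dep of Object.keys(readManifest(dir).dependencies || {})) queue.push({ name: dep, from: dir });
  }
  const wrapped = Object.keys(shrinkwrap.dependencies || {});
  return {
    notInShrinkwrap: declared.filter(n => !wrapped.includes(n)),
    notInPackageJson: wrapped.filter(n => !reachable.has(n)),
  };
}

// Constructed sample: a flat npm3-style tree held in memory instead of on disk.
const SAMPLE_TREE = {
  '/app': { dependencies: { express: '*' }, devDependencies: { mocha: '*' } },
  '/app/node_modules/express': { dependencies: { accepts: '*' } },
  '/app/node_modules/accepts': {}, '/app/node_modules/mocha': {}, '/app/node_modules/left-over': {},
};
const SAMPLE_SHRINKWRAP = { dependencies: { express: {}, accepts: {}, 'left-over': {} } };
const readSample = dir => SAMPLE_TREE[dir] || null;
console.log(checkSync('/app', SAMPLE_SHRINKWRAP, readSample));
```

In the sample, `accepts` is hoisted to the top level but accepted because `express` requires it, while `left-over` is reported because nothing declared reaches it. Passing `includeDev = true` additionally reports `mocha` as missing from the shrinkwrap.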

joscha commented 8 years ago

@Morantron don't worry about the packages in the packages folder, they definitely should be shrinkwrapped separately. We should only be concerned about the modules in the main folder.

Morantron commented 8 years ago

@joscha any idea why npm shrinkwrap cannot be created after a fresh install?

I get this:

=> ~/hacking/atlaskit npm shrinkwrap
npm ERR! Linux 4.6.3-1-ARCH
npm ERR! argv "/home/jorge/.nvm/versions/node/v4.2.3/bin/node" "/home/jorge/.nvm/versions/node/v4.2.3/bin/npm" "shrinkwrap"
npm ERR! node v4.2.3
npm ERR! npm  v3.5.2

npm ERR! Problems were encountered
npm ERR! Please correct and try again.
npm ERR! invalid: have gremlins.js@0.1.0 (expected: github:marmelab/gremlins.js#699af579a2f3e36cd3ba1d68c13893e80e40e674) /home/jorge/hacking/atlaskit/node_modules/gremlins.js
npm ERR! invalid: have cz-conventional-changelog@0.0.0-semantically-released.0 (expected: github:jpnelson/cz-conventional-changelog#a9a5468d) /home/jorge/hacking/atlaskit/node_modules/cz-lerna-changelog/node_modules/cz-conventional-changelog
npm ERR! extraneous: cz-conventional-changelog@0.0.0-semantically-released.0 /home/jorge/hacking/atlaskit/node_modules/cz-lerna-changelog/node_modules/cz-conventional-changelog
npm ERR! extraneous: gremlins.js@0.1.0 /home/jorge/hacking/atlaskit/node_modules/gremlins.js
npm ERR! invalid: have npmlog@3.1.2 (expected: ) /home/jorge/hacking/atlaskit/node_modules/npm-registry-client/node_modules/npmlog
npm ERR! extraneous: npmlog@3.1.2 /home/jorge/hacking/atlaskit/node_modules/npm-registry-client/node_modules/npmlog
npm ERR! invalid: have webcomponents.js@0.7.21 (expected: github:skatejs/webcomponentsjs#skate-v1) /home/jorge/hacking/atlaskit/node_modules/skatejs-named-slots/node_modules/webcomponents.js
npm ERR! extraneous: webcomponents.js@0.7.21 /home/jorge/hacking/atlaskit/node_modules/skatejs-named-slots/node_modules/webcomponents.js
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     /home/jorge/hacking/atlaskit/npm-debug.log

I wonder if setting a specific SHA as a dependency breaks npm shrinkwrap