Open joscha opened 8 years ago
Looks like messages when running with the -3
flag need to be improved, since they are quite misleading.
The thing is that when running with npm3 support enabled we cannot just diff npm-shrinkwrap.json
and package.json
, because of the flat dependencies structure. In order to find out if a shrinkwrapped dependency it's really in package.json ( or required by one of the package.json dependencies ) I need to walk the node_modules
folder and check that myself.
Looks like in atlaskit repo, some dependencies are contained under a packages
folder, so things get trickier. I'm not very familiar with lerna and I'm not sure how it works, but I tried to regenerate npm-shrinkwrap.json
file and that doesn't work either. Why is that?
We have a similiar structure where we have some sort of submodules within our main app. One workaround could be to shrinkwrap each of these submodules independently.
@Morantron don't worry about the packages in the packages
folder, they definitely should be shrinkwrapped separately. We should only be concerned about the modules in the main folder.
@joscha any idea why npm shrinkwrap
cannot be created after a fresh install?
I get this:
=> ~/hacking/atlaskit npm shrinkwrap
npm ERR! Linux 4.6.3-1-ARCH
npm ERR! argv "/home/jorge/.nvm/versions/node/v4.2.3/bin/node" "/home/jorge/.nvm/versions/node/v4.2.3/bin/npm" "shrinkwrap"
npm ERR! node v4.2.3
npm ERR! npm v3.5.2
npm ERR! Problems were encountered
npm ERR! Please correct and try again.
npm ERR! invalid: have gremlins.js@0.1.0 (expected: github:marmelab/gremlins.js#699af579a2f3e36cd3ba1d68c13893e80e40e674) /home/jorge/hacking/atlaskit/node_modules/gremlins.js
npm ERR! invalid: have cz-conventional-changelog@0.0.0-semantically-released.0 (expected: github:jpnelson/cz-conventional-changelog#a9a5468d) /home/jorge/hacking/atlaskit/node_modules/cz-lerna-changelog/node_modules/cz-conventional-changelog
npm ERR! extraneous: cz-conventional-changelog@0.0.0-semantically-released.0 /home/jorge/hacking/atlaskit/node_modules/cz-lerna-changelog/node_modules/cz-conventional-changelog
npm ERR! extraneous: gremlins.js@0.1.0 /home/jorge/hacking/atlaskit/node_modules/gremlins.js
npm ERR! invalid: have npmlog@3.1.2 (expected: ) /home/jorge/hacking/atlaskit/node_modules/npm-registry-client/node_modules/npmlog
npm ERR! extraneous: npmlog@3.1.2 /home/jorge/hacking/atlaskit/node_modules/npm-registry-client/node_modules/npmlog
npm ERR! invalid: have webcomponents.js@0.7.21 (expected: github:skatejs/webcomponentsjs#skate-v1) /home/jorge/hacking/atlaskit/node_modules/skatejs-named-slots/node_modules/webcomponents.js
npm ERR! extraneous: webcomponents.js@0.7.21 /home/jorge/hacking/atlaskit/node_modules/skatejs-named-slots/node_modules/webcomponents.js
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR! <https://github.com/npm/npm/issues>
npm ERR! Please include the following file with any support request:
npm ERR! /home/jorge/hacking/atlaskit/npm-debug.log
I wonder if setting an specific SHA as a a dependency breaks npm shrikwrap
After a clean install of https://bitbucket.org/atlassian/atlaskit
I still get:
after running
npm-shrinkwrap-check -3
. Shouldn't this report green after a clean node_modules folder with a fresh install? I can't really make sense of the errors - it seems like a mix of dev dependencies?