uber-archive / npm-shrinkwrap

A consistent shrinkwrap tool
MIT License
774 stars 47 forks

npm install does not verify shrinkwrap correctness #16

Open Raynos opened 10 years ago

Raynos commented 10 years ago

When you do npm install in a folder which has an npm-shrinkwrap.json file, it will only verify that top-level dependencies have the same version as per node_modules & npm-shrinkwrap.json.

It does not recursively verify that your node_modules tree and npm-shrinkwrap.json file agree.
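
A recursive check of the kind described above, as an added example that is not part of the thread or of npm-shrinkwrap's own code: it compares the nested dependencies tree of npm-shrinkwrap.json with the versions found under node_modules at every depth. The function names readInstalled and diffTrees and the sample trees are constructed for illustration, and the nested "dependencies" layout of the shrinkwrap file is assumed.

```javascript
// Read installed versions under dir/node_modules into the shrinkwrap's nested shape.
function readInstalled(dir) {
  const fs = require('fs');
  const path = require('path');
  const root = path.join(dir, 'node_modules');
  const tree = {};
  if (!fs.existsSync(root)) return tree;
  for (const entry of fs.readdirSync(root)) {
    if (entry.startsWith('.')) continue; // .bin and other non-package entries
    // Scoped packages live one level down: node_modules/@scope/name
    const names = entry.startsWith('@')
      ? fs.readdirSync(path.join(root, entry)).map((n) => entry + '/' + n)
      : [entry];
    for (const name of names) {
      const pkgDir = path.join(root, name);
      const manifest = path.join(pkgDir, 'package.json');
      if (!fs.existsSync(manifest)) continue;
      const version = JSON.parse(fs.readFileSync(manifest, 'utf8')).version;
      tree[name] = { version, dependencies: readInstalled(pkgDir) };
    }
  }
  return tree;
}

// Walk both trees at every depth and report each disagreement with its path.
function diffTrees(wanted = {}, installed = {}, trail = []) {
  const problems = [];
  for (const name of new Set([...Object.keys(wanted), ...Object.keys(installed)])) {
    const at = [...trail, name].join(' > ');
    const w = wanted[name];
    const i = installed[name];
    if (!i) problems.push(`missing: ${at}@${w.version}`);
    else if (!w) problems.push(`extraneous: ${at}@${i.version}`);
    else {
      if (w.version !== i.version) {
        problems.push(`mismatch: ${at} wanted ${w.version}, found ${i.version}`);
      }
      problems.push(...diffTrees(w.dependencies, i.dependencies, [...trail, name]));
    }
  }
  return problems;
}

// Constructed sample: the top level agrees, a nested dependency has drifted.
const sampleShrinkwrap = { a: { version: '1.0.0', dependencies: { b: { version: '2.0.0' } } } };
const sampleInstalled = { a: { version: '1.0.0', dependencies: { b: { version: '2.0.1' } } } };
console.log(diffTrees(sampleShrinkwrap, sampleInstalled));
```

To check a real project, pass the dependencies field of the parsed npm-shrinkwrap.json as the first argument and readInstalled('.') as the second; a non-empty result can fail a CI step before the tree is built or deployed.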

sh1mmer commented 10 years ago

This seems like an npm bug which they should fix.

Raynos commented 10 years ago

We should get this landed (https://github.com/npm/npm/pull/2950)

cvrebert commented 9 years ago

2950 ended up being rejected in favor of https://github.com/npm/npm/issues/6928