Question 1

Is npm-shrinkwrap still maintained?

Accepted Answer

No, npm-shrinkwrap is deprecated and not maintained, as stated in the README. It's only suitable for legacy projects stuck on older npm versions, and using it in new projects is not recommended due to lack of updates.

Question 2

npm-shrinkwrap vs package-lock.json: which should I use?

Accepted Answer

For modern npm projects, package-lock.json is the standard and supported lockfile. npm-shrinkwrap was designed for npm shrinkwrap and offers extra verification, but it's deprecated and doesn't support npm >=3, so package-lock.json is the better choice today.

Question 3

How to install npm-shrinkwrap?

Accepted Answer

For npm@2, use 'npm install npm-shrinkwrap'. For npm@1, use 'npm install npm-shrinkwrap@100.x'. Remember that it doesn't work with npm version 3 or higher, so check your npm version first.

Question 4

What does npm-shrinkwrap diff do?

Accepted Answer

It generates a human-readable diff of shrinkwrap changes between two states, such as git commits or files, making it easier to see what dependencies were added, removed, or updated. Options like --depth and --short allow customization.

Question 5

How to sync node_modules with npm-shrinkwrap?

Accepted Answer

Use the 'npm-shrinkwrap sync' command, which ensures node_modules matches the npm-shrinkwrap.json file exactly by removing excess modules. This helps maintain consistency, but it's only effective if the shrinkwrap file is up-to-date.

Question 6

Can npm-shrinkwrap validate private registry usage?

Accepted Answer

Yes, it supports custom validators that can enforce rules like ensuring all dependencies point to a private registry. The README mentions this as a useful assertion for programmatic configuration.

npm-shrinkwrap

What is npm-shrinkwrap?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions