npm-shrinkwrap | 易学教程

How do I omit a package from being included in my yarn.lock file?

阅读更多关于 How do I omit a package from being included in my yarn.lock file?

问题 So in my package.json I have a bunch of npm libs, and one private repo being pulled in from a git ssh url which needs to always be the latest build. The yarn.lock adds the git sha and yarn upgrade etc won't grab the newest one. Basically, given this: "dependencies": { "some-package" : "^0.x.x", "some-other-package" : "*", "my-private-git-repo" : "git+ssh://git@bitbucket.org/me/myrepo.git", "lastlibrary" : "^4.0.3" }, I want yarn.lock or npm shrinkwrap to ignore my-private-git-repo Is this

npm-shrinkwrap.json: Could not install from "node_modules/react-navigation/react-native-tab-view@github:react-navigation/react-native-tab-view

阅读更多关于 npm-shrinkwrap.json: Could not install from "node_modules/react-navigation/react-native-tab-view@github:react-navigation/react-native-tab-view

问题 I tried to run an npm install this morning on a React Native 0.53.3 project with "react-navigation": "1.5.11", and I got this error: npm ERR! code ENOLOCAL npm ERR! Could not install from "node_modules/react-navigation/react-native-tab-view@github:react-navigation/react-native-tab-view#36ebd834d78b841fc19778c966465d02fd1213bb" as it does not contain a package.json file. I thought it would resolve by adding this to my package.json file: "react-native-tab-view": "^1.3.2", but I continue to get

How can I switch between a linked npm dependency (in development) and an installed dependency (in staging/prod)?

阅读更多关于 How can I switch between a linked npm dependency (in development) and an installed dependency (in staging/prod)?

问题 I have a custom npm module that I am working on, and it has a GitHub repo. I'm also working on a project that uses the custom module. When working on the larger project, it is nice to use npm link so I can make changes to the module and see them right away in the main project. To deploy to staging or production, I use shrinkwrap and shrinkpack so I can do an npm install after every deploy (some of the dependencies need binaries, and dev systems aren't the same as production systems, so they

NPM lockfiles/shrinkwrap get random “dl” parameter tacked on to the “resolved” URL

阅读更多关于 NPM lockfiles/shrinkwrap get random “dl” parameter tacked on to the “resolved” URL

问题 Our company uses an Artifactory repository for storing internally-published packages and as a proxy for the NPM registry. Sometimes the resolved field in lockfiles/shrinkwrap files is as expected, containing URLs for our internal repository, but occasionally they show up as something like this (line break added for clarity): https://our.repository.com/artifactory/api/npm/some-repo/lodash/-/lodash-3.10.1.tgz ?dl=https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz Then, from pull request to

NPM lockfiles/shrinkwrap get random “dl” parameter tacked on to the “resolved” URL

阅读更多关于 NPM lockfiles/shrinkwrap get random “dl” parameter tacked on to the “resolved” URL

Our company uses an Artifactory repository for storing internally-published packages and as a proxy for the NPM registry. Sometimes the resolved field in lockfiles/shrinkwrap files is as expected, containing URLs for our internal repository, but occasionally they show up as something like this (line break added for clarity): https://our.repository.com/artifactory/api/npm/some-repo/lodash/-/lodash-3.10.1.tgz ?dl=https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz Then, from pull request to pull requests, these dl parameters constantly oscillate to being present or removed depending on which

meteor fails, can't install npm-packages from npm-shrinkwrap

阅读更多关于 meteor fails, can't install npm-packages from npm-shrinkwrap

问题 I have been diagnosing this issue for a few days and have tested the top issue resolutions that appear for "meteor" and "npm" dependencies that look similar to this one. Both I and my back-end engineer are stumped. I'm using an OSX 10.10.3, ruby 1.9.3, node v0.10.36, npm 1.4.28, meteor 1.1.02. Also, I am not behind a proxy as the error seems to indicate. My environment PATH is: export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin" Here's the error: => Started proxy. => Started MongoDB.

meteor fails, can't install npm-packages from npm-shrinkwrap

阅读更多关于 meteor fails, can't install npm-packages from npm-shrinkwrap

I have been diagnosing this issue for a few days and have tested the top issue resolutions that appear for "meteor" and "npm" dependencies that look similar to this one. Both I and my back-end engineer are stumped. I'm using an OSX 10.10.3, ruby 1.9.3, node v0.10.36, npm 1.4.28, meteor 1.1.02. Also, I am not behind a proxy as the error seems to indicate. My environment PATH is: export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin" Here's the error: => Started proxy. => Started MongoDB. npm-container: updating npm dependencies -- hummus, shipping-ups... npm WARN package.json packages-for

How do I override nested dependencies with `yarn`?

阅读更多关于 How do I override nested dependencies with `yarn`?

If my package has these dependencies { "name": "my-package", "dependencies": { "foobar":"~1.0.3", "baz":"2.0.9" } And the foobar package has these dependencies { "name": "foobar", "dependencies": { "baz":"^2.0.0" } and the most recently released version of baz is 2.1.0 , the first run of yarn will install baz@2.1.0 in foobar/node_modules . How do I force yarn to use the baz@2.0.9 package for foobar ? My understanding is that this would be possible using npm shrinkwrap (a la this question ). The summary of my question probably is: Yarn creates repeatable, deterministic installations, but how do

What is the difference between npm-shrinkwrap.json and package-lock.json?

阅读更多关于 What is the difference between npm-shrinkwrap.json and package-lock.json?

With the release of npm@5 , it will now write a package-lock.json unless a npm-shrinkwrap.json already exists. I installed npm@5 globally via: npm install npm@5 -g And now, if a npm-shrinkwrap.json is found during: npm install a warning will be printed: npm WARN read-shrinkwrap This version of npm is compatible with lockfileVersion@1, but npm-shrinkwrap.json was generated for lockfileVersion@0. I'll try to do my best with it! So my take-away is that I should replace the shrinkwrap with the package-lock.json . Yet why is there a new format for it? What can the package-lock.json do that the npm

How do I override nested dependencies with `yarn`?

阅读更多关于 How do I override nested dependencies with `yarn`?

问题 If my package has these dependencies { "name": "my-package", "dependencies": { "foobar":"~1.0.3", "baz":"2.0.9" } And the foobar package has these dependencies { "name": "foobar", "dependencies": { "baz":"^2.0.0" } and the most recently released version of baz is 2.1.0 , the first run of yarn will install baz@2.1.0 in foobar/node_modules . How do I force yarn to use the baz@2.0.9 package for foobar ? My understanding is that this would be possible using npm shrinkwrap (a la this question).