All You Need To Know About shrinkwrap.json


UPDATE: Use yarn and yarn.lock instead! Way simpler and better!

Update, 15 July 2017: npm 5 includes a package-lock.json, which is generated automatically after each npm install.


$ npm shrinkwrap

This command locks down the versions of a package’s dependencies so that you can control exactly which versions of each dependency will be used when your package is installed. The package.json file is still required if you want to use npm install.

Okay. Let me put it this way:

Are you coming from Ruby? It’s basically like Gemfile.lock.

Are you coming from PHP? It’s basically like composer.lock.

Basically, we can control exactly which dependency versions are used in our environment.

Allow me to demonstrate.

Let’s make our sandbox directory called shrinkwrap.

Start our Node.js project and install the Express server.

Peek inside package.json.

Alright, we have installed our dependencies, now let’s freeze our dependencies. Run this in our directory.

npm shrinkwrap

There we go!

Now we have our dependencies frozen. But why should we care and why do we need this? I’ll tell you why :)

It’s extremely difficult to control the version numbers of your dependencies’ dependencies. For this reason, it’s a bright idea to run npm’s shrinkwrap feature to lock down the versions of the dependencies you are using once you have reached a mature point in development.

Updating our shrinkwrap.json

Simple to do. We just run the following in our terminal

npm outdated && npm update

Since I don’t have any outdated packages currently, it displays nothing for me. (Which is good.)

Stay tuned, thanks for reading!
