UPDATE: Use yarn and yarn.lock instead! Way simpler and better!
Update, 15. July 2017: NPM 5 included a package-lock.json which is automatically generated after each
$ npm shrinkwrap
This command locks down the versions of a package’s dependencies so that you can control exactly which versions of each dependency will be used when your package is installed. The package.json file is still required if you want to use
Okay. Let me ask this way —
Are you coming from Ruby? It’s basically like Gemfile.lock
Are you coming from PHP? It’s basically like composer.lock
Basically, we can control exactly which dependency versions we use in our environment.
Allow me to demonstrate.
Alright, we have installed our dependencies, now let’s freeze our dependencies. Run this in our directory.
There we go!
Now we have our dependencies frozen. But why should we care and why do we need this? I’ll tell you why :)
It’s extremely difficult to control the version numbers of your dependencies’ dependencies. For this reason, it’s a bright idea to run npm’s shrinkwrap feature to lock down the versions of the dependencies you are using once you have reached a mature point in development.
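Added example (not from the original post): a small Node.js check that walks a lock file, including the dependencies' dependencies, and reports entries that are not pinned to an exact version, resolve outside the expected registry, or carry no integrity hash. It assumes the npm 5 lock layout (lockfileVersion 1) and the public registry URL; the sample lock data is constructed.

```javascript
// Added example: audit an npm lock file (lockfileVersion 1 layout).
// Package names, URLs and hashes in sampleLock are constructed.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
const REGISTRY = 'https://registry.npmjs.org/'; // assumption: public registry only

function auditLock(lock) {
  const findings = [];
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail.concat(name).join(' > ');
      if (!EXACT.test(meta.version || '')) {
        findings.push({ path, issue: 'version is not an exact release' });
      }
      if (meta.resolved && !meta.resolved.startsWith(REGISTRY)) {
        findings.push({ path, issue: 'resolved outside expected registry' });
      }
      // Bundled entries ship inside their parent tarball and carry no hash.
      if (!meta.integrity && !meta.bundled) {
        findings.push({ path, issue: 'no integrity hash' });
      }
      walk(meta.dependencies, trail.concat(name)); // dependencies' dependencies
    }
  };
  walk(lock.dependencies, []);
  return findings;
}

const sampleLock = {
  name: 'demo-app', version: '1.0.0', lockfileVersion: 1,
  dependencies: {
    'left-helper': {
      version: '1.2.3',
      resolved: 'https://registry.npmjs.org/left-helper/-/left-helper-1.2.3.tgz',
      integrity: 'sha512-CONSTRUCTED',
      dependencies: {
        'deep-dep': { version: '0.4.0', resolved: 'http://mirror.example/deep-dep-0.4.0.tgz' }
      }
    },
    'forked-lib': { version: 'github:example/forked-lib#master' }
  }
};

for (const f of auditLock(sampleLock)) console.log(`${f.path}: ${f.issue}`);
```

Shrinkwrap files written by npm versions before 5 have no integrity field, so every entry in them is reported as lacking a hash.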
Updating our shrinkwrap.json
Simple to do. We just run the following in our terminal:
npm outdated && npm update
Since I don’t currently have any outdated packages, it displays nothing for me. (Which is good)
Stay tuned, thanks for reading!