gulp-shrinkwrap
v2.0.3
Published
Run npm shrinkwrap from a gulp task
Downloads
147
Maintainers
Readme
gulp-shrinkwrap
Run
npm shrinkwrap
from a gulp task against a givenpackage.json
file. Also allow lockingpackage.json
dependencies to specific versions.
Install
npm install gulp-shrinkwrap --save-dev
Usage
See the API documentation for more details.
shrinkwrap
Given a gulpfile.js
var gulp = require('gulp'),
shrinkwrap = require('gulp-shrinkwrap');
gulp.task('shrinkwrap', function () {
return gulp.src('package.json')
.pipe(shrinkwrap()) // just like running `npm shrinkwrap`
.pipe(gulp.dest('./')); // writes newly created `npm-shrinkwrap.json` to the location of your choice
});
gulp.task('shrinkwrap-dev', function () {
return gulp.src('package.json')
.pipe(shrinkwrap({dev: true})) // just like running `npm shrinkwrap --dev`
.pipe(gulp.dest('./'));
});
When running
$ gulp shrinkwrap
Then a npm-shrinkwrap.json
file will generated at the
destination of your choice.
Important Notes
- Without the call to
gulp.dest
, anpm-shrinkwrap.json
file will not be created. - By default,
npm shrinkwrap
will be executed at the path where the suppliedpackage.json
file resides. If you want it run in a different context you must supply theprefix
option.
shrinkwrap.lock
Given a gulpfile.js
var gulp = require('gulp'),
shrinkwrap = require('gulp-shrinkwrap');
gulp.task('shrinkwrap', function () {
return gulp.src('package.json')
.pipe(shrinkwrap.lock()) // modifies dependencies and devDependencies in package.json to specific versions
.pipe(gulp.dest('./')); // writes newly modified `package.json`
});
And a package.json
{
"name": "my-app",
"version": "1.0.0",
"dependencies": {
"gulp-util": "^3.0.0",
"nopt": "^3.0.1",
"npmconf": "~1.1.5",
"through2": "0.5.1"
},
"devDependencies": {
"gulp": "^3.8.7",
"mocha": "~1.21.3"
}
}
When running
$ gulp shrinkwrap
Then the package.json
file will be modified to be this
{
"name": "my-app",
"version": "1.0.0",
"dependencies": {
"gulp-util": "3.0.0",
"nopt": "3.0.1",
"npmconf": "1.1.5",
"through2": "0.5.1"
},
"devDependencies": {
"gulp": "3.8.7",
"mocha": "1.21.3"
}
}
All together
// gulpfile.js
var gulp = require('gulp'),
shrinkwrap = require('gulp-shrinkwrap');
gulp.task('shrinkwrap', function () {
return gulp.src('./custom/package.json')
.pipe(shrinkwrap.lock({devDependencies: false})) // locks dependencies only in `package.json` to specific versions
.pipe(gulp.dest('./new-location')) // writes newly modified `package.json`
.pipe(shrinkwrap()) // just like running `npm shrinkwrap`
.pipe(gulp.dest('./my-custom-dest')); // writes newly created `npm-shrinkwrap.json` to the location of your choice
});
Note: if you try to just drop the above code into your project, the call will likely fail. This is because, if you use
wildcards, those will be locked to a specific version but the actual versions installed under node_modules
will
likely be newer. This will cause a failure during npm shrinkwrap
. To get around this, lock your package.json
first,
re-install all dependencies and then shrinkwrap.
Always keep your shrinkwrap up to date
You'll want to update your npm-shrinkwrap.json
every time you install a new dependency.
An easy way to do this automatically is via a pre-commit
git hook
#!/bin/sh
#
# Run gulp shrinkwrap on every commit so that we always have the most recent
# dependencies checked in.
npm prune > /dev/null
error=$(gulp shrinkwrap)
if [[ $? -ne 0 ]] ; then
echo "$error"
exit 1
fi
# If modified adds file(s) and includes them in commit.
git add package.json
git add npm-shrinkwrap.json