npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

shrinkwrap-scalpel

v1.0.1

Published

Avoid absorbing unwanted dependency updates while upgrading specific modules within a shrinkwrap.

Downloads

2

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tylerjpetersontylerjpeterson

Keywords

Readme

shrinkwrap-scalpel

avoid absorbing unwanted dependency updates when upgrading specific modules from within a shrinkwrap

I feel like this must be built into npm already, or at least exist as a package... But after a lot of time spent looking without success, I decided to write this module. If there's a better existing approach, please share.

There's often a need to update a specific module in a project that has already been shrink-wrapped. Specifically,

  • you want to minimize changes to tested / production code
  • you are working on a shrink-wrapped project with an npm-shrinkwrap.json file
  • your project has a dependency on [email protected]
  • your project needs to update to [email protected]
  • no other dependency should pick up patch, minor, or major updates

But if you remove the shrinkwrap to update some-module, you almost certainly take in numerous patches, minor updates, and possibly major updates across all dependencies, not just some-module. This results in substantially different built files. This module provides a CLI to solve for this scenario.

The module first looks up to its closest package.json from cwd and guides you through upgrading (or downgrading) one or more of your dependencies. Once you indicate which version of each packages you're after, a bundle is built in a temp directory. A new dependency tree for the specified modules is composed, pruned, and shrinkwrapped. These dependencies and their trees replace the old versions in the npm-shrinkwrap.json, leaving all other dependency trees unchanged. The existing shrinkwrap is backed up, and the new shrinkwrap file is written in its place.

Re-install using the new npm-shrinkwrap.json file. You will still see built file diffs, but they should be limited to the upgraded modules, leaving the diff predictable, small and succinct. No patches, minor releases, or major releases will be absorbed from other dependencies no matter how liberal your initial dependency requirements were.

Installation

Install globally from npm.

$ npm i -g shrinkwrap-scalpel

Usage

At any depth from within a shrinkwrapped project, run scalp or scalpel:

$ scalp

    shrinkwrap
     _______ _______ _______         _____  _______
     |______ |       |_____| |      |_____] |______ |
     ______| |_____  |     | |_____ |       |______ |_____

                                                    v1.1.0
 

? Which dependency(ies) would you like to upgrade? (Press <space> to select)
❯◯ @scope/[email protected]
 ◯ @scope/[email protected]
 ◯ @scope/[email protected]
 ◯ @scope/[email protected]
 ◯ @scope/[email protected]
 ◯ @scope/[email protected]
 ◯ @scope/[email protected]
(Move up and down to reveal more choices)

All of your dependencies will appear. Select the ones you wish to upgrade by using the arrows and space bar. Next, the module blasts out a number of async npm view calls to retrieve module versions.

Select the version of each you wish to install.

? Which dependency(ies) would you like to upgrade? @scope/[email protected], @scope/[email protected]
? Use which version of @scope/module-a? (currently 0.5.0) 0.4.0
? Use which version of @scope/module-b? (currently 1.3.1) (Use arrow keys)
❯ 1.2.0
  1.3.0

Modules are installed at the requested version in a temp dir. Once complete, the temporary bundle is pruned, shrinkwrapped, injected into the old shrinkwrap, and written in place of the previous npm-shrinkwrap.json file in cwd. Run your project through a test install before deleting your old shrinkwrap backup.

Your old shrinkwrap is backed up in the same directory, just in case.

Output a diff to $EDITOR

Pass scalpel --diff and a diff between the old shrinkwrap and the new opens in $EDITOR upon completion.

$ scalp --diff

Documentation

Class methods and members are documented adherent to JSDoc - to build documentation locally, run:

$ npm run docs && open docs/index.html

Tests and coverage

Coming soon.

Known issues

  1. Does not handle situations where a dependency of an upgraded module satisfies another dependency's dependency. Not quite sure how best to handle (or if it's a scenario worth worrying about).

  2. Uses babel to compile the script post-install. This introduces some delicacy and overhead. But since many still use Node 0.12, and binding is annoying, here we are.

  3. Tests.