by nilliams 3616 days ago
> Shrinkwrap is ridiculous. I'm expected to go look at every resolved dependency and individually add them if I want to update or not?

Not sure you're aware of the suggested flow (see here [1]), but it isn't ridiculous. Use 'npm outdated' to see which packages are out-of-date and 'npm update --save' to update a dep (and update the shrinkwrap file).

Keeping track of stale sub-dependencies is a problem in and of itself, but again that exists with any package manager. (Because you will always need to pin dependencies before you go to prod, right?) So that 'lockfile' will get out of date pretty fast. Node at least has solutions for this that other communities don't [2] (I haven't tried this service).

[1] https://docs.npmjs.com/cli/shrinkwrap#building-shrinkwrapped...

[2] https://greenkeeper.io/