by 9point6
3536 days ago
NPM is deterministic when you're using the same package.json and there is no existing node_modules folder. And if you want to lock versions for your entire dependency tree, npm shrinkwrap is what you're looking for (it's essentially the same as lockfiles in other development package managers). Though for security reasons I prefer to keep things locked to a major version only (e.g. "^2.0.0"). Shrinkwrapping is useful in this instance too if you need to have predictable builds (and installs, as it'll use the shrinkwrap when installing dependencies too if it's a library rather than the main app) but want to ensure your dependencies stay up to date. It's not perfect by any measure, but there are ways to make it work the way you want.
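The caret ranges and shrinkwrap pinning mentioned in the comment, as an added example that is not the commenter's code: a small check that the versions pinned in an npm-shrinkwrap.json actually fall inside the "^x.y.z" ranges declared in package.json (useful before trusting a shrinkwrap someone else committed). It assumes plain numeric versions and caret-only ranges; the sample inputs are constructed.

```javascript
// Added example: verify shrinkwrap pins against package.json caret ranges.
// Only plain "x.y.z" versions and "^x.y.z" ranges are handled (no prereleases).

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// npm caret semantics: the left-most non-zero component is fixed.
//   ^1.2.3 -> >=1.2.3 <2.0.0
//   ^0.2.3 -> >=0.2.3 <0.3.0   (0.x minor bumps count as breaking)
//   ^0.0.3 -> >=0.0.3 <0.0.4
function satisfiesCaret(range, version) {
  if (!range.startsWith('^')) throw new Error(`unsupported range: ${range}`);
  const lo = parseVersion(range.slice(1));
  const v = parseVersion(version);
  let hi;
  if (lo[0] !== 0) hi = [lo[0] + 1, 0, 0];
  else if (lo[1] !== 0) hi = [0, lo[1] + 1, 0];
  else hi = [0, 0, lo[2] + 1];
  return compare(v, lo) >= 0 && compare(v, hi) < 0;
}

// Names of dependencies whose shrinkwrap pin is missing or outside the declared range.
// `shrinkwrapDeps` is the "dependencies" object of an npm-shrinkwrap.json.
function shrinkwrapMismatches(pkgDeps, shrinkwrapDeps) {
  const bad = [];
  for (const [name, range] of Object.entries(pkgDeps)) {
    const pinned = shrinkwrapDeps[name] && shrinkwrapDeps[name].version;
    if (!pinned || !satisfiesCaret(range, pinned)) bad.push(name);
  }
  return bad;
}

// Constructed sample input (hypothetical package names, not real data).
const samplePackageDeps = { left: '^2.0.0', zero: '^0.4.1', tiny: '^0.0.3' };
const sampleShrinkwrap = {
  left: { version: '2.7.3' }, // inside ^2.0.0
  zero: { version: '0.5.0' }, // outside ^0.4.1
  tiny: { version: '0.0.3' }, // inside ^0.0.3
};
```

Running `shrinkwrapMismatches(samplePackageDeps, sampleShrinkwrap)` flags only `zero`, whose pinned 0.5.0 is a breaking bump under caret rules for 0.x versions.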