by Touche 4578 days ago
shrinkwrap just locks down a version of a dependency; if the dependency points to a git master branch, that's not locked down. shrinkwrap doesn't install any code. I think his point is valid, although also probably still very rare.

npm will translate the git branch to its commit sha when you `npm shrinkwrap` so you're pretty well covered.
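
One way to check the pinning discussed in this thread, as an added example that is not part of either comment and not npm's own code: it walks a parsed `npm-shrinkwrap.json` and reports git dependencies whose recorded location does not end in a full commit SHA. The nested `dependencies` layout with `from`/`resolved`/`version` fields is an assumption about the file format, and the function names, package names, URLs and SHA are constructed for illustration.

```javascript
// Added example: flag git dependencies in a parsed npm-shrinkwrap.json that
// are not pinned to a commit. Field layout (nested "dependencies", with
// "from" / "resolved" / "version") is assumed; all names are hypothetical.
const FULL_SHA = /^[0-9a-f]{40}$/i;
const GIT_URL = /^(git(\+(ssh|https?|file))?:|github:)/i;

const isGit = (v) => typeof v === 'string' && GIT_URL.test(v);

// Text after '#' in a git URL (the branch, tag or commit), or null.
function fragmentOf(spec) {
  const i = spec.indexOf('#');
  return i === -1 ? null : spec.slice(i + 1);
}

// Recursively collect git entries whose locked location is a branch, a tag,
// a short SHA, or has no ref at all. Registry tarballs are ignored.
function findUnpinnedGitDeps(node, path = []) {
  const findings = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = path.concat(name);
    // Prefer the locked location; fall back to the requested spec ("from").
    const location = [dep.resolved, dep.version, dep.from].find(isGit);
    if (location) {
      const ref = fragmentOf(location);
      if (!ref || !FULL_SHA.test(ref)) {
        findings.push({ path: here.join(' > '), location, ref });
      }
    }
    findings.push(...findUnpinnedGitDeps(dep, here));
  }
  return findings;
}

// Constructed sample input (not a real project).
const SHA = '0123456789abcdef0123456789abcdef01234567';
const sampleShrinkwrap = {
  name: 'example-app',
  version: '1.0.0',
  dependencies: {
    'pinned-lib': {                       // branch requested, commit locked
      version: '1.2.0',
      from: 'git://example.invalid/acme/pinned-lib.git#master',
      resolved: 'git://example.invalid/acme/pinned-lib.git#' + SHA,
    },
    'floating-lib': {                     // still points at a branch
      version: '0.3.1',
      from: 'git://example.invalid/acme/floating-lib.git#master',
      resolved: 'git://example.invalid/acme/floating-lib.git#master',
      dependencies: {
        'nested-lib': { version: '2.0.0', resolved: 'https://registry.example.invalid/nested-lib-2.0.0.tgz' },
      },
    },
    'no-ref-lib': { version: '0.0.1', from: 'git+https://example.invalid/acme/no-ref-lib.git' },
  },
};

console.log(findUnpinnedGitDeps(sampleShrinkwrap).map((f) => f.path));
```
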