Node.js收缩包装package.json导致npm安装更新新版本 [英] Node.js shrinkwrapped package.json causes npm install to update new versions regardless
问题描述
我在名为"deployment"的git分支中有一个 npm-shrinkwrap.json
和一个 package.json
.
I've got a npm-shrinkwrap.json
and a package.json
in a git branch called "deployment".
在我的服务器上,我从github获取并合并了这个部署分支.这样可以确保我的服务器具有最新的部署版本.
On my servers, I fetch and merge this deployment branch from github. This ensures that my servers have the latest deployment version.
由于未交付node_modules二进制文件等,因此在拉出项目存储库后,我也需要在服务器端运行 npm install
或 npm update
从服务器.
Because the node_modules binaries etc. are not being shipped, I need to run npm install
or npm update
on the server side too, after the project repository has been pulled from the server.
这就是为什么我决定使用 npmrinkwrap
的原因.但是,即使我在主文件夹中有此 npm-shrinkwrap.json
并运行 npm install
时,即使收缩包装的json文件具有锁定这些.看来npm甚至都没有查看收缩包装文件.
This is why I decided to use npm shrinkwrap
. However, even when I have this npm-shrinkwrap.json
in the main folder and run npm install
, it still installs newer versions of submodules, even though the shrinkwrapped json file has locked these down. It seems like npm does not even look at the shrinkwrap file.
任何人都可以解释为什么会发生这种情况,以及如何解决这种情况吗?
Could anyone explain why this happens, and how to resolve this situation?
这是 package.json
的一部分:
"dependencies" : {
"eventemitter2" : "0.4.9",
"after" : "0.4.1",
"express" : "2.5.9"
},
"devDependencies" : {
"mocha" : ">= 1.0.3 < 2",
"should" : ">= 0.6.3 < 1",
"request" : ">= 2.9.202 < 3",
"commander" : ">= 0.6.0 < 1"
},
npm-shrinkwrap.json
是:
{
"name": "appname",
"version": "0.0.1",
"dependencies": {
"eventemitter2": {
"version": "0.4.9"
},
"after": {
"version": "0.4.1"
},
"express": {
"version": "2.5.9",
"dependencies": {
"connect": {
"version": "1.8.7",
"dependencies": {
"formidable": {
"version": "1.0.9"
}
}
},
"mime": {
"version": "1.2.4"
},
"qs": {
"version": "0.4.2"
},
"mkdirp": {
"version": "0.3.0"
}
}
},
"commander": {
"version": "0.6.0"
},
"should": {
"version": "0.6.3"
},
"request": {
"version": "2.9.202"
}
}
}
但是,当我运行 npm install
时,它已将 qs
从版本0.4.2更新到版本0.5.0.此外,它还将 mime
更新为1.2.5.为什么这样做呢?
Yet, when I ran npm install
it updated qs
from version 0.4.2 to version 0.5.0. Also, it updated mime
to 1.2.5. Why did it do this?
npm install
返回以下内容:
qs@0.5.0 ./node_modules/express/node_modules/connect/node_modules/qs
mime@1.2.5 ./node_modules/express/node_modules/connect/node_modules/mime
足够有趣的是,收缩包装都不包含任何这些.我想这是问题所在.现在的问题是为什么它不包含这些.
Interestingly enough the shrinkwrap contains neither of these. I guess this is the problem. Now the question is why it did not contain these.
推荐答案
您的 npm-shrinkwrap.json
不包含connect的qs版本.您应该先 npm install
,然后再生成收缩包装.
Your npm-shrinkwrap.json
doesn't include connect's version of qs. You should npm install
before you generate your shrinkwrap.
这篇关于Node.js收缩包装package.json导致npm安装更新新版本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!