Node.js收缩包装package.json导致npm安装更新新版本 [英] Node.js shrinkwrapped package.json causes npm install to update new versions regardless

问题描述

我在名为"deployment"的git分支中有一个 npm-shrinkwrap.json 和一个 package.json .

I've got a npm-shrinkwrap.json and a package.json in a git branch called "deployment".

在我的服务器上，我从github获取并合并了这个部署分支.这样可以确保我的服务器具有最新的部署版本.

On my servers, I fetch and merge this deployment branch from github. This ensures that my servers have the latest deployment version.

由于未交付node_modules二进制文件等，因此在拉出项目存储库后，我也需要在服务器端运行 npm install 或 npm update 从服务器.

Because the node_modules binaries etc. are not being shipped, I need to run npm install or npm update on the server side too, after the project repository has been pulled from the server.

这就是为什么我决定使用 npmrinkwrap 的原因.但是，即使我在主文件夹中有此 npm-shrinkwrap.json 并运行 npm install 时，即使收缩包装的json文件具有锁定这些.看来npm甚至都没有查看收缩包装文件.

This is why I decided to use npm shrinkwrap. However, even when I have this npm-shrinkwrap.json in the main folder and run npm install, it still installs newer versions of submodules, even though the shrinkwrapped json file has locked these down. It seems like npm does not even look at the shrinkwrap file.

任何人都可以解释为什么会发生这种情况，以及如何解决这种情况吗?

Could anyone explain why this happens, and how to resolve this situation?

这是 package.json 的一部分:

"dependencies" : {
    "eventemitter2" : "0.4.9",
    "after"         : "0.4.1",
    "express"       : "2.5.9"
},
"devDependencies" : {
    "mocha"     : ">= 1.0.3 < 2",
    "should"    : ">= 0.6.3 < 1",
    "request"   : ">= 2.9.202 < 3",
    "commander" : ">= 0.6.0 < 1"
},

npm-shrinkwrap.json 是:

{
  "name": "appname",
  "version": "0.0.1",
  "dependencies": {
    "eventemitter2": {
      "version": "0.4.9"
    },
    "after": {
      "version": "0.4.1"
    },
    "express": {
      "version": "2.5.9",
      "dependencies": {
        "connect": {
          "version": "1.8.7",
          "dependencies": {
            "formidable": {
              "version": "1.0.9"
            }
          }
        },
        "mime": {
          "version": "1.2.4"
        },
        "qs": {
          "version": "0.4.2"
        },
        "mkdirp": {
          "version": "0.3.0"
        }
      }
    },
    "commander": {
      "version": "0.6.0"
    },
    "should": {
      "version": "0.6.3"
    },
    "request": {
      "version": "2.9.202"
    }
  }
}

但是，当我运行 npm install 时，它已将 qs 从版本0.4.2更新到版本0.5.0.此外，它还将 mime 更新为1.2.5.为什么这样做呢?

Yet, when I ran npm install it updated qs from version 0.4.2 to version 0.5.0. Also, it updated mime to 1.2.5. Why did it do this?

npm install 返回以下内容:

qs@0.5.0 ./node_modules/express/node_modules/connect/node_modules/qs
mime@1.2.5 ./node_modules/express/node_modules/connect/node_modules/mime

足够有趣的是，收缩包装都不包含任何这些.我想这是问题所在.现在的问题是为什么它不包含这些.

Interestingly enough the shrinkwrap contains neither of these. I guess this is the problem. Now the question is why it did not contain these.

推荐答案

您的 npm-shrinkwrap.json 不包含connect的qs版本.您应该先 npm install ，然后再生成收缩包装.

Your npm-shrinkwrap.json doesn't include connect's version of qs. You should npm install before you generate your shrinkwrap.

这篇关于Node.js收缩包装package.json导致npm安装更新新版本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！