NPM Lock down dependency versions in our dependencies package.json


Question

So I have an application that pulls in some dependencies. I have figured out how to lock those down quite easily and thus my Package.json looks like so:

"webpack": "2.2.1",

Great! So webpack is locked to that version, but I have noticed something in webpack's package.json. They don't lock down their dependencies:

"dependencies": {
    "acorn": "^4.0.4",
    "acorn-dynamic-import": "^2.0.0",
    "ajv": "^4.7.0",
    "ajv-keywords": "^1.1.1",
    "async": "^2.1.2",
    "enhanced-resolve": "^3.0.0",
    "interpret": "^1.0.0",
    "json-loader": "^0.5.4",
    "loader-runner": "^2.3.0",
    "loader-utils": "^0.2.16",
    "memory-fs": "~0.4.1",
    "mkdirp": "~0.5.0",
    "node-libs-browser": "^2.0.0",
    "source-map": "^0.5.3",
    "supports-color": "^3.1.0",
    "tapable": "~0.2.5",
    "uglify-js": "^2.8.5",
    "watchpack": "^1.2.0",
    "webpack-sources": "^0.2.0",
    "yargs": "^6.0.0"
  },

So the other day our app spun up on a container and grabbed webpack 2.2.1 like it should have, but grabbed the latest uglify-js which caused issues with our production app.

Is there any way to enforce versions for dependencies that our dependencies are utilizing?

Recommended answer

npm shrinkwrap is what I was looking for and needing.
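The drift described in the question, as an added example that is not part of the original post: a small checker showing which versions the caret and tilde ranges in webpack's package.json allow, and how a recorded version map exposes a silent change. The `locked` and `installed` versions are constructed sample data, and the function names are hypothetical.

```javascript
// Added example. Handles only the plain "^x.y.z", "~x.y.z" and exact "x.y.z"
// forms that appear on this page (no pre-release tags, no "x" wildcards).
function parse(v) { return v.split('.').map(Number); }

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Return [lowestAllowed, firstDisallowed] for a range spec.
function bounds(spec) {
  const op = /^[\^~]/.test(spec) ? spec[0] : '';
  const [maj, min, pat] = parse(op ? spec.slice(1) : spec);
  const lo = [maj, min, pat];
  if (op === '~') return [lo, [maj, min + 1, 0]];   // patch updates only
  if (op === '^') {
    if (maj > 0) return [lo, [maj + 1, 0, 0]];      // any later minor or patch
    if (min > 0) return [lo, [0, min + 1, 0]];      // 0.y.z: patch updates only
    return [lo, [0, 0, pat + 1]];                   // 0.0.z: exact
  }
  return [lo, [maj, min, pat + 1]];                 // exact pin
}

function satisfies(version, spec) {
  const [lo, hi] = bounds(spec);
  const v = parse(version);
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// Names whose installed version differs from the recorded one while still
// satisfying the declared range, i.e. a change npm accepts without complaint.
function findDrift(declared, locked, installed) {
  return Object.keys(declared).filter(name =>
    installed[name] !== locked[name] &&
    satisfies(installed[name], declared[name]));
}

// Ranges copied from the webpack package.json excerpt in the question.
const declared = { 'uglify-js': '^2.8.5', 'memory-fs': '~0.4.1', 'loader-utils': '^0.2.16' };
// Constructed sample data: versions recorded at test time vs. a fresh container.
const locked = { 'uglify-js': '2.8.5', 'memory-fs': '0.4.1', 'loader-utils': '0.2.16' };
const installed = { 'uglify-js': '2.8.9', 'memory-fs': '0.4.1', 'loader-utils': '0.2.16' };

console.log('drifted:', findDrift(declared, locked, installed));
```

Running `npm shrinkwrap` writes an `npm-shrinkwrap.json` that records the resolved version of every package in the tree, which plays the role of the `locked` map here.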
