484c664445
Using npm-shrinkwrap, we are locking in our dependency tree completely, leaving no scope of being affected by any regression in any of the dependencies. In other words, all of the dependency tree is dumped in npm-shrinkwrap.json file. Using shrinkpack, we are also committing these tarballs of dependencies in node_shrinkwrap/, so that, we are not depending on npm registry at all during our build process. Since these are just tarballs, its also better space-wise than committing node_modules/ per se. Developers when want to update any dependency should bump the version in package.json, and also commit the new copy of tarballs in node_shrinkwrap/. See: https://github.com/JamieMason/shrinkpack for more info.
7.7 KiB
7.7 KiB