Am Freitag, 21. März 2014 18:23:43 UTC+1 schrieb ryandesign: > > In what way was shrinkwrap useless before? In your opinion is it now > fixed?
because npm allowed to override a package before. so same version but different code. this is fixed now, but not complete. you still can unpublish a version, which might be a problem, or not. I have not yet looked into using shrinkwrap, but from what I understood it > provided better guarantees than just using package.json, while not > requiring me to check in all the third-party modules I use into my own > repository. > thats the point of shrinkwrap, yes. but it works only, if a published package@version is immutable and stay there forever. the point here is to have stable deployments. it is not stable yet, since a dependencie can disappear. in this case, you have to install a new dependancy manually. > > On Mar 21, 2014, at 03:26, greelgorke <[email protected] <javascript:>> > wrote: > > > shrinkwrap was useless before, but since npm disallows to override > specific versions, you get the guarantee, that the published thing is the > same all time. unfortunately npm still does not prevent the forced > unpublish, so it is possible that the package is gone. but you can prevent > that by a private registry mirror. > -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
