I am using angular-cli and building a SPA using Angular2. I have a Jenkins build system for my application where in every time there is a change in my project repository, a build is triggered which basically deletes the entire node_modules folder and then does npm install followed by my build process. All this is done remotely on a Linux machine.
Problem:
Now the issue I am facing is that of the secondary and tertiary dependencies. Most of the dependencies (if not all) I am installing using npm have their own packagae.json file which in turn have their own, so on & so forth. So even if I freeze the versions in my main package.json file by removing carets or tildes, there is no way I can control the version of the secondary and tertiary dependencies. This is resulting into a lot of UNMET PEER DEPENDENCY errors as one dependency needs one version of the same component while the other one needs another!
Question:
So my question is, how do I make sure that this does not happen and achieve a stable dependency installation?
You can keep your
package.jsonas is and runnpm shrinkwrap, which will create a new filenpm-shrinkwrap.jsonwith the exact versions of all package hierarchy installed at the time you ran it.If you commit this file, the next time you run
npm install, npm should detect the file and respect it.Documentation:
https://docs.npmjs.com/cli/shrinkwrap
P.S.
Another option that works similarly is Facebook's
yarnnpm client (a tool similar to the local npm tool).It uses its own
yarn.lockfile, and it's much faster as it caches dependencies in its own shared cache making next installs much faster.But for your use case on the build server, it might be harder to set it up or so. That's why I emphasized the answer on npm itself.