-
Notifications
You must be signed in to change notification settings - Fork 9
Can no longer be installed due to npm-shrinkwrap 5.4.0 dependency #22
Comments
I guess you’d also have to update in |
This isn't great, but is necessary because of metalsmith-concat dependency problem (aymericbeaumet/metalsmith-concat#22). Hopefully it will be fixed and we can remove the note.
Installing with |
…uild shrinkwrap file. NPM 2 has been shipping with Node.js since v0.11.14 in late 2014, so it seems save to move up to shrinkwrap 200.x, which is for NPM 2+. Fixes aymericbeaumet#22.
thanks for the heads-up, should now be fixed, reopen if needed! |
@aymericbeaumet Thanks! I know it’s slightly out-of-scope for this issue, but can I ask why all the dev dependencies are shrinkwrapped? There are only 4 dependencies for a consumer of the library, but the shrinkwrap file lists 267 dependencies, which is a lot more to pull down when someone tries to |
i don't think the dev dependencies are being included in the shrinkwrap $ npm shrinkwrap
npm WARN shrinkwrap Excluding devDependency: [email protected] { minimatch: '3.0.0' }
npm WARN shrinkwrap Excluding devDependency: [email protected] { minimatch: '3.0.0' }
npm WARN shrinkwrap Excluding devDependency: [email protected] { minimatch: '3.0.0' }
npm WARN shrinkwrap Excluding devDependency: [email protected] { minimatch: '3.0.0' }
npm WARN shrinkwrap Excluding devDependency: [email protected] { minimatch: '3.0.0' }
wrote npm-shrinkwrap.json the file lists 267 dependencies because it includes all the dependencies (recursively, down to the last one) $ npm shrinkwrap --dev
$ git diff | wc -l
548 |
Well, just looking at: https://github.com/aymericbeaumet/metalsmith-concat/blob/master/npm-shrinkwrap.json And if you look into …so there should only be 4 modules in There are clearly a lot more things than that listed in the file. |
npm-remote-ls is also a helpful tool for this kind of stuff:
|
Also, I’d venture a guess that you’re tripping over the same problem I was when I tried to do this in my PR—it’s easiest if you blow away your shrinkwrap file before regenerating; it can screw up the generation of a new one. That’s why I had a second commit that modified the shrinkwrap file again: f0ce590 |
i see, |
No problem :) |
I’ve just started working on a project that uses metalsmith-concat and can’t seem to install it because of the dependency on npm-shrinkwrap 5.4.0. That version of shrinkwrap depends on an older version of read-json that is no longer available (not sure if any relation to Azer Koçulu unpublishing of a bunch of modules yesterday, read-json among them).
At any rate, npm-shrinkwrap 5.4.1 appears to no longer depend on read-json and is installable for me. So I think the issue would be resolved by simply bumping the dependency up to 5.4.1 in
package.json
.The text was updated successfully, but these errors were encountered: