npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

gulp-shrinkwrap

v2.0.3

Published

Run npm shrinkwrap from a gulp task

Downloads

114

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

chmontgomerychmontgomery

Keywords

gulpgulpfriendlypackage.jsondepenencydepenencies

Readme

gulp-shrinkwrap NPM version Build Status

Run npm shrinkwrap from a gulp task against a given package.json file. Also allow locking package.json dependencies to specific versions.

Install

npm install gulp-shrinkwrap --save-dev

Usage

See the API documentation for more details.

shrinkwrap

Given a gulpfile.js

var gulp = require('gulp'),
  shrinkwrap = require('gulp-shrinkwrap');

gulp.task('shrinkwrap', function () {
  return gulp.src('package.json')
    .pipe(shrinkwrap())      // just like running `npm shrinkwrap`
    .pipe(gulp.dest('./'));  // writes newly created `npm-shrinkwrap.json` to the location of your choice
});

gulp.task('shrinkwrap-dev', function () {
  return gulp.src('package.json')
    .pipe(shrinkwrap({dev: true}))  // just like running `npm shrinkwrap --dev`
    .pipe(gulp.dest('./'));
});

When running

$ gulp shrinkwrap

Then a npm-shrinkwrap.json file will generated at the destination of your choice.

Important Notes

  1. Without the call to gulp.dest, a npm-shrinkwrap.json file will not be created.
  2. By default, npm shrinkwrap will be executed at the path where the supplied package.json file resides. If you want it run in a different context you must supply the prefix option.

shrinkwrap.lock

Given a gulpfile.js

var gulp = require('gulp'),
  shrinkwrap = require('gulp-shrinkwrap');

gulp.task('shrinkwrap', function () {
  return gulp.src('package.json')
    .pipe(shrinkwrap.lock())  // modifies dependencies and devDependencies in package.json to specific versions

    .pipe(gulp.dest('./'));   // writes newly modified `package.json`
});

And a package.json

{
  "name": "my-app",
  "version": "1.0.0",
  "dependencies": {
    "gulp-util": "^3.0.0",
    "nopt": "^3.0.1",
    "npmconf": "~1.1.5",
    "through2": "0.5.1"
  },
  "devDependencies": {
    "gulp": "^3.8.7",
    "mocha": "~1.21.3"
  }
}

When running

$ gulp shrinkwrap

Then the package.json file will be modified to be this

{
  "name": "my-app",
  "version": "1.0.0",
  "dependencies": {
    "gulp-util": "3.0.0",
    "nopt": "3.0.1",
    "npmconf": "1.1.5",
    "through2": "0.5.1"
  },
  "devDependencies": {
    "gulp": "3.8.7",
    "mocha": "1.21.3"
  }
}

All together

// gulpfile.js
var gulp = require('gulp'),
  shrinkwrap = require('gulp-shrinkwrap');

gulp.task('shrinkwrap', function () {
  return gulp.src('./custom/package.json')
    .pipe(shrinkwrap.lock({devDependencies: false}))  // locks dependencies only in `package.json` to specific versions

    .pipe(gulp.dest('./new-location'))                // writes newly modified `package.json`
    .pipe(shrinkwrap())                               // just like running `npm shrinkwrap`
    .pipe(gulp.dest('./my-custom-dest'));             // writes newly created `npm-shrinkwrap.json` to the location of your choice
});

Note: if you try to just drop the above code into your project, the call will likely fail. This is because, if you use wildcards, those will be locked to a specific version but the actual versions installed under node_modules will likely be newer. This will cause a failure during npm shrinkwrap. To get around this, lock your package.json first, re-install all dependencies and then shrinkwrap.

Always keep your shrinkwrap up to date

You'll want to update your npm-shrinkwrap.json every time you install a new dependency. An easy way to do this automatically is via a pre-commit git hook

#!/bin/sh
#
# Run gulp shrinkwrap on every commit so that we always have the most recent
# dependencies checked in.
 
npm prune > /dev/null
error=$(gulp shrinkwrap)
if [[ $? -ne 0 ]] ; then
  echo "$error"
  exit 1
fi
 
# If modified adds file(s) and includes them in commit.
git add package.json
git add npm-shrinkwrap.json

License

MIT © Chris Montgomery