2.0.3 • Published 9 years ago

gulp-shrinkwrap v2.0.3


gulp-shrinkwrap NPM version Build Status

Run npm shrinkwrap from a gulp task against a given package.json file. Also allows locking package.json dependencies to specific versions.

Install

npm install gulp-shrinkwrap --save-dev

Usage

See the API documentation for more details.

shrinkwrap

Given a gulpfile.js

var gulp = require('gulp');
var shrinkwrap = require('gulp-shrinkwrap');

// Same effect as running `npm shrinkwrap`: reads package.json and produces
// npm-shrinkwrap.json, which is what installs are pinned by once it is committed.
gulp.task('shrinkwrap', function () {
  var manifest = gulp.src('package.json');
  var wrapped = manifest.pipe(shrinkwrap());
  // Without this gulp.dest() step no npm-shrinkwrap.json is written.
  return wrapped.pipe(gulp.dest('./'));
});

// Same effect as running `npm shrinkwrap --dev`.
gulp.task('shrinkwrap-dev', function () {
  var manifest = gulp.src('package.json');
  var wrapped = manifest.pipe(shrinkwrap({dev: true}));
  return wrapped.pipe(gulp.dest('./'));
});

When running

$ gulp shrinkwrap

Then an npm-shrinkwrap.json file will be generated at the destination of your choice.

Important Notes

  1. Without the call to gulp.dest, a npm-shrinkwrap.json file will not be created.
  2. By default, npm shrinkwrap will be executed at the path where the supplied package.json file resides. If you want it to run in a different context, you must supply the prefix option.

shrinkwrap.lock

Given a gulpfile.js

var gulp = require('gulp');
var shrinkwrap = require('gulp-shrinkwrap');

gulp.task('shrinkwrap', function () {
  var manifest = gulp.src('package.json');
  // lock() rewrites the entries under dependencies and devDependencies to
  // specific versions. package.json lists direct dependencies only, so the
  // rest of the tree is pinned by npm-shrinkwrap.json, not by this step.
  var locked = manifest.pipe(shrinkwrap.lock());
  // Writes the modified package.json back out; review the resulting diff
  // before committing it.
  return locked.pipe(gulp.dest('./'));
});

And a package.json

{
  "name": "my-app",
  "version": "1.0.0",
  "dependencies": {
    "gulp-util": "^3.0.0",
    "nopt": "^3.0.1",
    "npmconf": "~1.1.5",
    "through2": "0.5.1"
  },
  "devDependencies": {
    "gulp": "^3.8.7",
    "mocha": "~1.21.3"
  }
}

When running

$ gulp shrinkwrap

Then the package.json file will be modified to be this

{
  "name": "my-app",
  "version": "1.0.0",
  "dependencies": {
    "gulp-util": "3.0.0",
    "nopt": "3.0.1",
    "npmconf": "1.1.5",
    "through2": "0.5.1"
  },
  "devDependencies": {
    "gulp": "3.8.7",
    "mocha": "1.21.3"
  }
}

All together

// gulpfile.js
var gulp = require('gulp');
var shrinkwrap = require('gulp-shrinkwrap');

gulp.task('shrinkwrap', function () {
  var manifest = gulp.src('./custom/package.json');

  // Step 1: pin `dependencies` only (devDependencies are left as ranges)
  // and write the modified package.json.
  var locked = manifest.pipe(shrinkwrap.lock({devDependencies: false}));
  var savedManifest = locked.pipe(gulp.dest('./new-location'));

  // Step 2: same as running `npm shrinkwrap`, then write the generated
  // npm-shrinkwrap.json to the chosen destination.
  var wrapped = savedManifest.pipe(shrinkwrap());
  return wrapped.pipe(gulp.dest('./my-custom-dest'));
});

Note: if you just drop the above code into your project, the call will likely fail. If you use wildcards, they will be locked to a specific version, but the versions actually installed under node_modules will likely be newer, and that mismatch causes npm shrinkwrap to fail. To get around this, lock your package.json first, re-install all dependencies, and then shrinkwrap.

Always keep your shrinkwrap up to date

You'll want to update your npm-shrinkwrap.json every time you install a new dependency. An easy way to do this automatically is via a pre-commit git hook:

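#!/bin/sh
#
# Pre-commit hook: run gulp shrinkwrap on every commit so that the most recent
# dependency pins are always checked in.
#
# Hooks live in each clone and can be skipped (git commit --no-verify), so
# treat this as a convenience; it does not guarantee the lockfile is current.

# Remove extraneous packages from node_modules before shrinkwrapping.
npm prune > /dev/null

# Test the command's exit status directly. `[[ ... ]]` is a bash extension;
# where /bin/sh is a plain POSIX shell the `[[` test itself fails, the error
# branch is skipped, and a failed shrinkwrap would not abort the commit.
if ! error=$(gulp shrinkwrap); then
  echo "$error"
  exit 1
fi

# Stage the regenerated files so they are part of this commit. They are added
# without a prompt, so check the pinned-version changes in the resulting commit.
git add package.json
git add npm-shrinkwrap.json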

License

MIT © Chris Montgomery

2.0.3

9 years ago

2.0.2

9 years ago

2.0.1

10 years ago

2.0.0

10 years ago

1.0.1

11 years ago

1.0.0

11 years ago

0.0.6

11 years ago

0.0.5

11 years ago

0.0.4

11 years ago

0.0.3

11 years ago

0.0.2

11 years ago