Lockdown
Make sure you're in the loopback project directory:
$ pwd /home/codio/workspace/loopback-zero-to-heroIf not, then get in there:
$ cd ~/workspace/loopback-zero-to-hero/Its easy to let the flexible versioning notations (
*,~or^) inpackage.jsonfool us into working against different versions of dependencies! Since features and bugs vary across versions, let us make sure to work with precisely defined versions for all dependencies.The
package.jsonfile is lenient and uses the^symbol to let you install anything newer than the listed version. For example, the currentpackage.jsonfile which was generated byslcand it contains:"loopback": "^2.14.0", "loopback-boot": "^2.6.5", "loopback-datasource-juggler": "^2.19.0",but if you inspect what was installed (when
npm installauto ran as part of project setup) you'll see much newer versions:$ npm ls | grep loopback ...Now let's freeze the versions so any development or deployments in the future will use these installed versions and nothing else:
$ npm shrinkwrap ... wrote npm-shrinkwrap.jsonA new file is produced. Examine npm-shrinkwrap.json and you will see a much more explicit file that tracks the versions of every dependency and sub-dependency etc. As long as you leave this file in your project and preferably check it into your source control repository, you can expect consistent behavior across developers and deployments. From now on whenever
npm installis run, it will ignore the wishy-washypackage.jsonand instead pay attention tonpm-shrinkwrap.jsonGood deal! onwards and upwards...
Last updated