如何防止傳遞開發依賴被包裝

我有一個package.json與黃瓜列爲devDependency。黃瓜對黃瓜-html具有依賴性。出於某種原因，當我在我的項目上運行npm-shrinkwrap時，cucumber-html包含在npm-shrinkwrap.json中。有什麼辦法可以防止這種情況發生？如何防止傳遞開發依賴被包裝

的package.json

"dependencies": { 
 
    "bcrypt": "*", 
 
    "bluebird": "2.2.1", 
 
    "body-parser": "~1.12.0", 
 
    "compression": "*", 
 
    "cookie-parser": "~1.3.4", 
 
    "debug": "~2.1.1", 
 
    "etag": "*", 
 
    "express": "~4.12.2", 
 
    "interpolate": "*", 
 
    "jade": "~1.9.2", 
 
    "jwt-simple": "*", 
 
    "lockdown": "0.0.6", 
 
    "lodash": "*", 
 
    "moment": "*", 
 
    "morgan": "~1.5.1", 
 
    "nano": "*", 
 
    "node-rest-client": "*", 
 
    "node-uuid": "*", 
 
    "nodemailer": "*", 
 
    "passport": "*", 
 
    "passport-jwt": "thedewpoint/passport-jwt", 
 
    "passport-local": "*", 
 
    "q": "*", 
 
    "serve-favicon": "~2.2.0", 
 
    "validator": "*" 
 
    }, 
 
    "devDependencies": { 
 
    "add-stream": "^1.0.0", 
 
    "gulp": "^3.9.0", 
 
    "gulp-angular-templatecache": "^1.7.0", 
 
    "gulp-concat": "^2.6.0", 
 
    "gulp-if": "^1.2.5", 
 
    "gulp-image-optimization": "^0.1.3", 
 
    "gulp-minify-css": "^1.2.0", 
 
    "gulp-minify-html": "^1.0.4", 
 
    "gulp-uglify": "^1.2.0", 
 
    "gulp-useref": "^1.3.0", 
 
    "cucumber": "^0.5.2" 
 
    }

NPM-shrinkwrap.json

"cucumber-html": { 
 
     "version": "0.2.3", 
 
     "from": "[email protected]", 
 
     "resolved": "https://registry.npmjs.org/cucumber-html/-/cucumber-html-0.2.3.tgz" 
 
    },

謝謝

來源

2015-08-24 MorningDew

cucumber-html模塊是否有機會在使用'npm install cucumber-html'在shrinkwrap之前手工安裝？ – GPX

我不這麼認爲。我刪除了所有節點模塊，並執行了npm install，然後npm shrinkwrap，我仍然看到它 – MorningDew

這可能是一個特定於版本的錯誤。你是否檢查過npm的問題跟蹤器，看看其他人是否面臨類似的問題？另外，當你刪除node_modules時，你是否也刪除了現有的shrinkwrap文件？ – GPX

我不確定我明白爲什麼每個人都認爲這是一個問題。這是npm-shrinkwrap背後的一點。它在文檔中說，它遞歸地鎖定每個依賴項。所以它鎖定傳遞依賴的事實是預期的行爲。要回答原始問題，文檔並不表示這是可能的，除非通過將您的依賴項安裝到源代碼控制中來完成所有工作。

來源

2015-10-31 21:57:56 ingshtrom

如何防止傳遞開發依賴被包裝

回答

相關問題