Indeed it does, but it’s an antiquated approach that I try to keep out of my open-source packages.
IMO the cost of maintaining an npm-shrinkwrap.json is higher than writing high-quality code that will be resilient enough to handle dynamic dependency resolution.
If I am feeling especially picky about a certain module or set of modules, I’ll generally pin the versions in my projects’ package.json
shrinkwrap.jsongets published :vIndeed it does, but it’s an antiquated approach that I try to keep out of my open-source packages.
IMO the cost of maintaining an
npm-shrinkwrap.jsonis higher than writing high-quality code that will be resilient enough to handle dynamic dependency resolution.If I am feeling especially picky about a certain module or set of modules, I’ll generally pin the versions in my projects’
package.jsonIt doesn't matter what kind of code you write if your dependencies introduce bugs or change published API with a patch version :D
You could not include those dependencies 😂
Be serious 😂