mirror of
https://github.com/nodejs/node.git
synced 2025-05-14 23:19:09 +00:00
2e54524955
PR-URL: https://github.com/nodejs/node/pull/35474 Reviewed-By: Ruy Adorno <ruyadorno@github.com> Reviewed-By: Ujjwal Sharma <ryzokuken@disroot.org> Reviewed-By: Ben Coe <bencoe@gmail.com> Reviewed-By: Geoffrey Booth <webmaster@geoffreybooth.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: Guy Bedford <guybedford@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
35 lines
1.3 KiB
Markdown
35 lines
1.3 KiB
Markdown
---
|
|
section: configuring-npm
|
|
title: shrinkwrap.json
|
|
description: A publishable lockfile
|
|
---
|
|
|
|
# npm-shrinkwrap.json(5)
|
|
|
|
## A publishable lockfile
|
|
|
|
### Description
|
|
|
|
`npm-shrinkwrap.json` is a file created by [`npm shrinkwrap`](/cli-commands/shrinkwrap). It is identical to
|
|
`package-lock.json`, with one major caveat: Unlike `package-lock.json`,
|
|
`npm-shrinkwrap.json` may be included when publishing a package.
|
|
|
|
The recommended use-case for `npm-shrinkwrap.json` is applications deployed
|
|
through the publishing process on the registry: for example, daemons and
|
|
command-line tools intended as global installs or `devDependencies`. It's
|
|
strongly discouraged for library authors to publish this file, since that would
|
|
prevent end users from having control over transitive dependency updates.
|
|
|
|
Additionally, if both `package-lock.json` and `npm-shrinkwrap.json` are present
|
|
in a package root, `package-lock.json` will be ignored in favor of this file.
|
|
|
|
For full details and description of the `npm-shrinkwrap.json` file format, refer
|
|
to the manual page for [package-lock.json](/configuring-npm/package-lock-json).
|
|
|
|
### See also
|
|
|
|
* [npm shrinkwrap](/cli-commands/shrinkwrap)
|
|
* [package-lock.json](/configuring-npm/package-lock-json)
|
|
* [package.json](/configuring-npm/package-json)
|
|
* [npm install](/cli-commands/install)
|