On Tue, Sep 16, 2014 at 10:14 PM, Marcel Kinard <cmarc...@gmail.com> wrote:
> I've been doing some playing around to understand this better. Here are > the 3 scenarios I tried: > > 1) link: > cd cordova-lib > rm -r node_modules > rm npm-shrinkwrap.json > npm link cordova-js > npm install > npm shrinkwrap > > Result is that ALL the devDependencies from cordova-js are present in the > cordova-lib shrinkwrap.json file. Bad. > > 2) directory install: > cd cordova-lib > rm -r node_modules > rm npm-shrinkwrap.json > npm install ../cordova-js > npm install > npm shrinkwrap > > We've been bit before by this scenario as well. I believe the shrinkwrap will record that cordova-js is located at "../cordova-js" instead of from the registry in this case. > Result is that none of the devDependencies from cordova-js are present in > the cordova-lib shrinkwrap.json file. Good. > > 3) registry install: > cd cordova-lib > rm -r node_modules > rm npm-shrinkwrap.json > npm install cordova-js (fetches from registry) > ^^ Shouldn't need this step right? since "npm install" will grab it from the registry anyways. > npm install > npm shrinkwrap > > Result is that none of the devDependencies from cordova-js are present in > the cordova-lib shrinkwrap.json file. Good. > > So what I get from this is that having a linked dependency matters: the > shrinkwrap command will grab everything in the submodule's directory tree > even if it isn't listed as a dependency in the submodule's package.json. > That feels like a flaw in the shrinkwrap command, especially when the > shrinkwrap command is careful to check that the main module's node_modules > matches its package.json dependencies. It seems to be treating the main > module and the submodules differently. > > On Sep 16, 2014, at 9:56 PM, Andrew Grieve <agri...@chromium.org> wrote: > > >> It shouldn't matter if I had done an "npm link cordova-js" inside of > >> cordova-lib, correct? > > > > This is the key! It *does* matter. shrinkwrap just records what it finds > in > > your node_modules directory, symlinks and all! You always want to do a > > fresh rm -r & npm install before shrinkwrap to ensure you don't have > > extraneous modules in there. > > > > That said, if you did that and it's still showing up, I don't know why > that > > is :S > > I did NOT clean out the node_modules before doing the shrinkwrap. My "npm > link" is present. I wasn't aware this was necessary, and there isn't > anything in the instructions about it. > > Now that I know what to do, I'll update the instructions and respin the > lib, plugman, and cli RCs. I've done it this many times, what's once more? > :-/ > Def. thanks for updating the instructions and for your patience. We all appreciate it! > > On Sep 16, 2014, at 9:25 PM, Carlos Santana <csantan...@gmail.com> wrote: > > > By default, npm install will install all modules listed as dependencies. > > With the --production flag, npm will not install modules listed in > > devDependencies. > > I did try "npm -g install --production cordova@rc" and it is still > pulling in the devDependencies from cordova-js. > > > I will just ignore the Warning on connect and not respin. > > I'm a perfectionist, and don't want to see user confusion about the > warning. > > On a broader note, we definitely need to change how we handle the > shrinkwrap BEFORE the release process. I'll send out a note tomorrow with > some ideas. > >