4

我有一个带有黄瓜列为 devDependency 的 package.json。cucumber 依赖于 cucumber-html。出于某种原因,当我在我的项目上运行 npm-shrinkwrap 时,cucumber-html 包含在 npm-shrinkwrap.json 中。有什么办法可以防止这种情况发生吗?

包.json

"dependencies": {
    "bcrypt": "*",
    "bluebird": "2.2.1",
    "body-parser": "~1.12.0",
    "compression": "*",
    "cookie-parser": "~1.3.4",
    "debug": "~2.1.1",
    "etag": "*",
    "express": "~4.12.2",
    "interpolate": "*",
    "jade": "~1.9.2",
    "jwt-simple": "*",
    "lockdown": "0.0.6",
    "lodash": "*",
    "moment": "*",
    "morgan": "~1.5.1",
    "nano": "*",
    "node-rest-client": "*",
    "node-uuid": "*",
    "nodemailer": "*",
    "passport": "*",
    "passport-jwt": "thedewpoint/passport-jwt",
    "passport-local": "*",
    "q": "*",
    "serve-favicon": "~2.2.0",
    "validator": "*"
  },
  "devDependencies": {
    "add-stream": "^1.0.0",
    "gulp": "^3.9.0",
    "gulp-angular-templatecache": "^1.7.0",
    "gulp-concat": "^2.6.0",
    "gulp-if": "^1.2.5",
    "gulp-image-optimization": "^0.1.3",
    "gulp-minify-css": "^1.2.0",
    "gulp-minify-html": "^1.0.4",
    "gulp-uglify": "^1.2.0",
    "gulp-useref": "^1.3.0",
    "cucumber": "^0.5.2"
  }

npm-shrinkwrap.json

 "cucumber-html": {
      "version": "0.2.3",
      "from": "cucumber-html@0.2.3",
      "resolved": "https://registry.npmjs.org/cucumber-html/-/cucumber-html-0.2.3.tgz"
    },

谢谢

4

1 回答 1

1

我不确定我是否理解为什么每个人都认为这是一个问题。这就是 npm-shrinkwrap 背后的要点。它在文档中说它递归地锁定了每个依赖项。因此,它锁定传递依赖的事实是预期的行为。为了回答最初的问题,文档并没有表明这是可能的,除非通过将依赖项安装到源代码控制中来自己完成所有事情。

于 2015-10-31T21:57:56.297 回答