[TIMOB-19133] Lock versions of titanium, node-appc and alloy dependencies
| GitHub Issue | n/a |
|---|---|
| Type | Improvement |
| Priority | Medium |
| Status | Closed |
| Resolution | Won't Fix |
| Resolution Date | 2015-12-08T16:45:56.000+0000 |
| Affected Version/s | n/a |
| Fix Version/s | n/a |
| Components | Tooling |
| Labels | n/a |
| Reporter | Ingo Muschenetz |
| Assignee | Praveen Innamuri |
| Created | 2015-07-01T17:08:00.000+0000 |
| Updated | 2017-03-22T18:31:15.000+0000 |
Description
Based on our experience with longjohn, I would like to lock the dependency versions of the above plugins.
I would consider we run https://docs.npmjs.com/cli/shrinkwrap before publishing.
(y) for this! It prevent issues like: https://github.com/FokkeZB/gittio/issues/108 I run Node 4.2.3 as well but don't get the warning and my bet is a reinstall of the Ti CLI will resolve it for the reporter as well. If the Ti CLI would use shrink-wrap then this wouldn't happen (or it would for me as well - at least not depend on the environment).
We shinkwrap appc-cli as part of the publishing process as noted in CLI-903. We won't shinkwrap any other parts of the tree as it introduces a large level of process complexity.
OK, but this does mean that if you install Alloy and Titanium straight from NPM you might still have the troubles shrink-wrap fixes. -And I believe shrink-wrap should handle dependencies that also use shrink-wrap fine.- I see you explained the reason why in CLI-903 ;) > On npm install, titanium will grab the latest sanctioned versions (as determined by semver ranges) of dependencies. This allows us to to not need to republish parent projects with new shrinkwapped versions if child projects change (think of if node-ios-device changes, we then need to republish a tree of dependencies)
Closing ticket as the issue will not fix and with reference to the above comments.