Stop checking your dependencies in to source control

Previously whenever you wanted to lock down a version of your software that was using NPM for dependency management, you had to check in your entire node_modules folder in to source control. This led to a lot of issues, not the least of which was the fact that your repository size grew by hundreds of megs.  If you had many repositories, all using NPM, you not only wasted a lot space and time, but also prevented NPM from helping you.

Enter npm shrinkwrap, a new command from NPM for exactly this situation.

How To Use

Assuming that you are currently using npm for your application, then you probably already have a node_modules folder and a package.json file.  You may want to leave the development branch of your repository as is, and only shrinkwrap the release branch.

Switch over to your release branch in your repository.  For me, that would be

git checkout release

To use shrinkwrap for this branch, all you need to do is run this command:

npm shrinkwrap

when the command finishes, you will now have a npm-shrinkwrap.json in your project folder.  That really was all there is to it.  Now check that in, and when your build server builds the release and calls npm install, the shrinkwrap json file will be used instead of your package.json file, and the dependencies will be locked in so the application will run just as you expected even if you recompile it months down the line after many of the dependancies have been changed.

Full documentation here: https://docs.npmjs.com/cli/shrinkwrap