Skip to content
This repository has been archived by the owner on May 10, 2019. It is now read-only.

Convert from lockdown to npm shrinkwrap #4184

Closed
pdehaan opened this issue Aug 25, 2014 · 2 comments
Closed

Convert from lockdown to npm shrinkwrap #4184

pdehaan opened this issue Aug 25, 2014 · 2 comments
Labels
waffle:ready

Comments

@pdehaan
Copy link
Contributor

pdehaan commented Aug 25, 2014

We use npm shrinkwrap in most of our newer repos (ie: FxA stuff, FMD, etc).
Not sure if we should still cling to lockdown here for historical nostalgia, or if we should switch to npm shrinkwrap for consistency.

Discuss.
@djc
Copy link
Member

djc commented Oct 16, 2014

Does this mean the shrinkwrap shortcomings (per the lockdown README) have been resolved?

@callahad
Copy link
Contributor

Whoops, the mass-closing script misfired. Reopening.

Shrinkwrap's issues have not been completely solved, but the npm registry now prohibits re-use or modification of version numbers, which is roughly equivalent to what lockdown was trying to solve. We'd be exposing ourselves to potential compromise by the operators of the npm registry itself (or a bug in the registry), but we'd be gaining a better-maintained and easier to use tool.

FxA has switched to shrinkwrap, for example.

@callahad callahad mentioned this issue Nov 9, 2014
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
waffle:ready
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@callahad @djc @pdehaan