Problem description
Checking in node_modules was the community standard, but now we also have an option to use shrinkwrap. The latter makes more sense to me, but there is always the chance that someone did a "force publish" and introduced a bug. Are there any additional drawbacks?
Recommended answer
My favorite post/philosophy on this subject goes all the way back (a long time in node.js land) to 2011:
https://web.archive.org/web/20150116024411/http://www.futurealoof.com/posts/nodemodules-in-git.html
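Direct quote:
If you have an application that you deploy, check all your dependencies in to node_modules. If you use npm to deploy, only define bundleDependencies for those modules. If you have dependencies that need to compile you should still check in the code and just run $ npm rebuild on deploy.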
Everyone I’ve told this to tells me I’m an idiot and then a few weeks later tells me I was right and checking node_modules in to git has been a blessing to deployment and development. It’s objectively better, but here are some of the questions/complaints I seem to get.
I think this is still the best advice.
The force-publish scenario is rare and npm shrinkwrap would probably work for most people. But if you're deploying to a production environment, nothing gives you the peace-of-mind like checking in the entire node_modules directory.
Alternately, if you really, really don't want to check in the node_modules directory but want a better guarantee there hasn't been a forced push, I'd follow the advice in npm help shrinkwrap:
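If you want to avoid any risk that a byzantine author replaces a package you're using with code that breaks your application, you could modify the shrinkwrap file to use git URL references rather than version numbers so that npm always fetches all packages from git.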
Of course, someone could run a weird git rebase or something and modify a git commit hash... but now we're just getting crazy.
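An added example, not part of the original answer and not npm's own code: a small Node.js audit that walks a shrinkwrap file and reports, for each dependency, whether it is pinned to a git commit, to a movable git ref, or only to a registry version. It assumes the nested dependencies layout with version, resolved and integrity fields; the package names, URLs and hash in the sample are constructed.

```javascript
// Classify how each entry of an npm-shrinkwrap.json is pinned.
// Assumption: nested "dependencies" objects carrying "version", "resolved", "integrity".
const GIT_URL = /^(git\+(ssh|https?|file):\/\/|git:\/\/|github:)/;
const FULL_COMMIT = /#[0-9a-f]{40}$/;

function classify(entry) {
  const ref = [entry.resolved, entry.version].find((s) => GIT_URL.test(s || ''));
  if (ref) {
    // A branch or tag after '#' can be moved later; a full commit hash cannot.
    return FULL_COMMIT.test(ref) ? 'git-commit' : 'git-mutable-ref';
  }
  // Registry tarball: without a recorded hash, a republished version goes unnoticed.
  return entry.integrity ? 'registry-with-integrity' : 'registry-version-only';
}

function auditShrinkwrap(wrap) {
  const findings = [];
  (function walk(deps, path) {
    for (const [name, entry] of Object.entries(deps || {})) {
      const here = path.concat(name);
      findings.push({ path: here.join(' > '), pin: classify(entry) });
      walk(entry.dependencies, here); // transitive dependencies are nested
    }
  })(wrap.dependencies, []);
  return findings;
}

// Constructed sample, not taken from a real project.
const sample = {
  name: 'example-app',
  version: '1.0.0',
  dependencies: {
    'lib-a': {
      version: '1.2.3',
      resolved: 'https://registry.npmjs.org/lib-a/-/lib-a-1.2.3.tgz',
      dependencies: {
        'lib-b': {
          version: '0.4.0',
          resolved: 'git://github.com/example/lib-b.git#0123456789abcdef0123456789abcdef01234567',
        },
      },
    },
    'lib-c': { version: 'git+https://github.com/example/lib-c.git#master' },
  },
};

for (const f of auditShrinkwrap(sample)) console.log(f.pin.padEnd(24), f.path);
```

To audit a real project, replace the sample with the parsed contents of its npm-shrinkwrap.json and fail the build on any pin class you do not accept.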