Is it worth to use npm-shrinkwrap.json rather than package-lock.json
jeanpylone opened this issue · comments
Jean-Philippe Schneider commented
As per npm documentation, npm-shrinkwrap.json
seems to be used in some specific cases (i.e. npm published package where it needs exact dependency tree, like globally install command line tools).
Doing a npm install
does updates this file, which has to be committed again. I may not be aware of its real utility but I am more used to do this with package-lock.json, which seems to be less annoying about these file status.