I have a package.json with cucumber listed as a devDependency. cucumber has a dependency on cucumber-html. For some reason when I run npm-shrinkwrap on my project, cucumber-html is included in the npm-shrinkwrap.json. Is there any way to prevent this from happening?
package.json
"dependencies": {
"bcrypt": "*",
"bluebird": "2.2.1",
"body-parser": "~1.12.0",
"compression": "*",
"cookie-parser": "~1.3.4",
"debug": "~2.1.1",
"etag": "*",
"express": "~4.12.2",
"interpolate": "*",
"jade": "~1.9.2",
"jwt-simple": "*",
"lockdown": "0.0.6",
"lodash": "*",
"moment": "*",
"morgan": "~1.5.1",
"nano": "*",
"node-rest-client": "*",
"node-uuid": "*",
"nodemailer": "*",
"passport": "*",
"passport-jwt": "thedewpoint/passport-jwt",
"passport-local": "*",
"q": "*",
"serve-favicon": "~2.2.0",
"validator": "*"
},
"devDependencies": {
"add-stream": "^1.0.0",
"gulp": "^3.9.0",
"gulp-angular-templatecache": "^1.7.0",
"gulp-concat": "^2.6.0",
"gulp-if": "^1.2.5",
"gulp-image-optimization": "^0.1.3",
"gulp-minify-css": "^1.2.0",
"gulp-minify-html": "^1.0.4",
"gulp-uglify": "^1.2.0",
"gulp-useref": "^1.3.0",
"cucumber": "^0.5.2"
}
npm-shrinkwrap.json
"cucumber-html": {
"version": "0.2.3",
"from": "[email protected]",
"resolved": "https://registry.npmjs.org/cucumber-html/-/cucumber-html-0.2.3.tgz"
},
Thank you
I'm not sure I understand why everyone thinks this is an issue. This is the point behind npm-shrinkwrap. It says in the documentation that it recursively locks down each dependency. So the fact that it locks down a transitive dependency is expected behavior. To answer the original question, the docs don't indicate that this is possible, except by doing everything yourself by installing your dependencies into source control.