Pm2: published package.json is different from source control

Created on 12 Oct 2016  路  4Comments  路  Source: Unitech/pm2

http://registry.npmjs.com/pm2/2.0.18 contains one additional dependency, "gkt": "http://tgz.pm2.io/gkt-1.0.0.tgz, which prevents the package from being installed behind a firewall.

Oddly, the source does not contain gkt in dependencies, only optionalDependencies.

picture vanjan

Most helpful comment

Sadly that's because we use npm shrinkwrap that doesnt make difference between optional and required dependency, that's an issue in npm here.
We are discussing a solution for this one, but you can use npm i pm2@latest --no-optional -g --no-shrinkwrap to install it, this should work.

picture vmarchaud on 12 Oct 2016
👍3

All 4 comments

Sadly that's because we use npm shrinkwrap that doesnt make difference between optional and required dependency, that's an issue in npm here.
We are discussing a solution for this one, but you can use npm i pm2@latest --no-optional -g --no-shrinkwrap to install it, this should work.

vmarchaud picture vmarchaud on 12 Oct 2016
👍3

How about publishing tgz into npm and using a regular version instead of url?

vanjan picture vanjan on 12 Oct 2016

Cause we are using it for analytics purpose so we need to get pinged when someone download it.

vmarchaud picture vmarchaud on 12 Oct 2016

For those of us using an automation platform that does not accept the --no-optional and --no-shrinkwrap, does a workaround exist? Can I point to a different NPM registry that won't break?

santiagon610 picture santiagon610 on 13 Apr 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

shaunwarman picture shaunwarman  路  3Comments
rangercyh picture rangercyh  路  4Comments
lefam picture lefam  路  3Comments
waygee picture waygee  路  4Comments
FujiHaruka picture FujiHaruka  路  3Comments