Pm2: published package.json is different from source control

Created on 12 Oct 2016  路  4Comments  路  Source: Unitech/pm2

http://registry.npmjs.com/pm2/2.0.18 contains one additional dependency, "gkt": "http://tgz.pm2.io/gkt-1.0.0.tgz, which prevents the package from being installed behind a firewall.

Oddly, the source does not contain gkt in dependencies, only optionalDependencies.

picture vanjan

Most helpful comment

Sadly that's because we use npm shrinkwrap that doesnt make difference between optional and required dependency, that's an issue in npm here.
We are discussing a solution for this one, but you can use npm i pm2@latest --no-optional -g --no-shrinkwrap to install it, this should work.

picture vmarchaud on 12 Oct 2016
👍3

All 4 comments

Sadly that's because we use npm shrinkwrap that doesnt make difference between optional and required dependency, that's an issue in npm here.
We are discussing a solution for this one, but you can use npm i pm2@latest --no-optional -g --no-shrinkwrap to install it, this should work.

vmarchaud picture vmarchaud on 12 Oct 2016
👍3

How about publishing tgz into npm and using a regular version instead of url?

vanjan picture vanjan on 12 Oct 2016

Cause we are using it for analytics purpose so we need to get pinged when someone download it.

vmarchaud picture vmarchaud on 12 Oct 2016

For those of us using an automation platform that does not accept the --no-optional and --no-shrinkwrap, does a workaround exist? Can I point to a different NPM registry that won't break?

santiagon610 picture santiagon610 on 13 Apr 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

alexpts picture alexpts  路  3Comments
ghost picture ghost  路  3Comments
liujb picture liujb  路  3Comments
phra picture phra  路  3Comments
getvega picture getvega  路  3Comments