Pm2: published package.json is different from source control

Created on 12 Oct 2016  路  4Comments  路  Source: Unitech/pm2

http://registry.npmjs.com/pm2/2.0.18 contains one additional dependency, "gkt": "http://tgz.pm2.io/gkt-1.0.0.tgz, which prevents the package from being installed behind a firewall.

Oddly, the source does not contain gkt in dependencies, only optionalDependencies.

picture vanjan

Most helpful comment

Sadly that's because we use npm shrinkwrap that doesnt make difference between optional and required dependency, that's an issue in npm here.
We are discussing a solution for this one, but you can use npm i pm2@latest --no-optional -g --no-shrinkwrap to install it, this should work.

picture vmarchaud on 12 Oct 2016
👍3

All 4 comments

Sadly that's because we use npm shrinkwrap that doesnt make difference between optional and required dependency, that's an issue in npm here.
We are discussing a solution for this one, but you can use npm i pm2@latest --no-optional -g --no-shrinkwrap to install it, this should work.

vmarchaud picture vmarchaud on 12 Oct 2016
👍3

How about publishing tgz into npm and using a regular version instead of url?

vanjan picture vanjan on 12 Oct 2016

Cause we are using it for analytics purpose so we need to get pinged when someone download it.

vmarchaud picture vmarchaud on 12 Oct 2016

For those of us using an automation platform that does not accept the --no-optional and --no-shrinkwrap, does a workaround exist? Can I point to a different NPM registry that won't break?

santiagon610 picture santiagon610 on 13 Apr 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

gshively11 picture gshively11  路  37Comments
memphisraynz picture memphisraynz  路  97Comments
dreaddymck picture dreaddymck  路  35Comments
chelsh picture chelsh  路  42Comments
iliakan picture iliakan  路  45Comments