Skip to content

Latest commit

 

History

History
88 lines (64 loc) · 3.85 KB

README.md

File metadata and controls

88 lines (64 loc) · 3.85 KB

Ember CLI Dependency Checker Build Status Code Climate Ember Observer Score

An Ember CLI addon that checks for missing npm and bower dependencies before running ember commands.

Installation

ember install ember-cli-dependency-checker

Usage

Upon being included in a project (when running ember build for example), the dependency checker will confirm versions according to several signals of intent:

  • bower.json will be compared to the contents of bower_components (or your Ember-CLI configured bower directory)
  • package.json will be compared to the contents of node_modules. This check only takes the top-level of dependencies into account. Nested dependencies are not confirmed.
  • npm-shrinkwrap.json, if present, will be compared to the contents of node_modules. This is done only if a package.json check does not find any unsatisfied dependencies. Nested dependencies are confirmed.

Shrinkwrap Workflow

This workflow presumes npm v2.7.6 - v3.0.0, though it may work well for earlier versions.

When installing dependencies, it is important that npm shrinkwrap --dev is run and the resulting npm-shrinkwrap.json file committed. For example, to install the Torii library:

npm install --save-dev torii
npm shrinkwrap --dev
git add package.json npm-shrinkwrap.json
git commit -m "Install Torii"

If the npm-shrinkwrap.json file is not committed, nested dependencies cannot be confirmed. Remembering to execute npm shrinkwrap --dev and commit npm-shrinkwrap.json is akin to committing the Gemfile.lock file when using Ruby's Bundler library.

If ember is run and the contents of node_modules/ differs from the contents of package.json and npm-shrinkwrap.json an error will be raised. To resolve a difference in dependencies, you must destroy the node_modules/ directory and re-run npm install. With a blank directory, npm install will respect the versions pinned in npm-shrinkwrap.json.

In some rare cases there may be un-resolvable conflicts between installable versions of dependencies and those pinned. Upgrading packages after deleting the npm-shrinkwrap.json file or changing the version of a dependency requested in package.json may be the only way to resolve theses cases.

Deployment with Shrinkwrap

Ember-CLI projects may be built on Travis or another dedicated build tool like Jenkins. To ensure that versions of dependencies (including of nested dependencies) are the same during builds as they are on the authoring developer's computer, it is recommended that you confirm dependencies before a build. Do this by running ember version to begin a dependency check, then if needed clearing the node_modules/ and bower_components/ folder and installing dependencies. For example:

([ -f node_modules/ember-cli/bin/ember ] && node_modules/ember-cli/bin/ember version) || (rm -rf node_modules/ bower_components/ && npm install && bower install)
ember build -e production

Caveats

Due to the limited information available in configuration files and packages, git dependencies may fall out of sync. Using shrinkwrap will confirm that they are correct upon installation, but they cannot be confirmed at runtime until improvements are made to the npm-shrinkwrap.json file.

Pinning solely to versioned releases should be preferred.

Tests

To run tests:

pnpm test

LICENSE

MIT