
How to lock down npm dependencies in a cloud function

Is there any way to control what version of dependencies (and transient dependencies) are installed when deploying a cloud function?

Since the cloud function runtime uses node v6.11.5, I assume it is using npm v3.10.10 distributed with that version of node. This version of npm does not support package.lock (added in npm v5.0.0).

I set all versions to fixed versions (removing the ^) in my package.json and added save-exact=true to my .npmrc file, but this will only control direct dependencies. Transient dependencies are not locked in this manner.

Is there any way to control all installed dependency versions in cloud functions? Is npm shrinkwrap.json honored?

I posted a question in the Cloud Functions Beta Testers group and they confirmed that the npm-shrinkwrap.json is not honored when deploying to Cloud Functions.

Response from the Product Manager:

Currently, we don't support the npm-shrinkwrap.json file. We're looking at making some improvements to dependency management as we think about our runtime strategy, and this is a suggestion that we'll definitely consider.

As they recommended, I created an issue on their public issue tracker. Add your support to that issue (by starring it) if this is something you want too!

As a senior node.js developer, having a means to have reproducible installations is essential to delivering production-worthy code.

npm-shrinkwrap.json and package-lock.json behave differently only from the point of view of an NPM package author/maintainer.

package-lock.json won't be published to the NPM registry (but it will stay with the source code) and guarantees that any author/maintainer of the project will get the same dependencies.

npm-shrinkwrap.json is instead meant to be published to the NPM registry and guarantees that not only authors/maintainers but also the users who install the package get the same dependencies.

Since your project is not related to authoring an NPM package, you can rely on npm-shrinkwrap.json to have a reproducible dependency tree using any NPM version.
