Your IP :
const { resolve, basename } = require('path')
const { unlink } = require('fs').promises
const Arborist = require('@npmcli/arborist')
const log = require('../utils/log-shim')
const BaseCommand = require('../base-command.js')
class Shrinkwrap extends BaseCommand {
static description = 'Lock down dependency versions for publication'
static name = 'shrinkwrap'
static ignoreImplicitWorkspace = false
async exec () {
// if has a npm-shrinkwrap.json, nothing to do
// if has a package-lock.json, rename to npm-shrinkwrap.json
// if has neither, load the actual tree and save that as npm-shrinkwrap.json
// loadVirtual, fall back to loadActual
// rename shrinkwrap file type, and
if ( {
const er = new Error('`npm shrinkwrap` does not work for global packages')
throw er
const path = this.npm.prefix
const sw = resolve(path, 'npm-shrinkwrap.json')
const arb = new Arborist({ ...this.npm.flatOptions, path })
const tree = await arb.loadVirtual().catch(() => arb.loadActual())
const { meta } = tree
const newFile = meta.hiddenLockfile || !meta.loadedFromDisk
const oldFilename = meta.filename
const notSW = !newFile && basename(oldFilename) !== 'npm-shrinkwrap.json'
// The computed lockfile version of a hidden lockfile is always 3
// even if the actual value of the property is a different.
// When shrinkwrap is run with only a hidden lockfile we want to
// set the shrinkwrap lockfile version as whatever was explicitly
// requested with a fallback to the actual value from the hidden
// lockfile.
if (meta.hiddenLockfile) {
meta.lockfileVersion = arb.options.lockfileVersion ||
meta.hiddenLockfile = false
meta.filename = sw
const updatedVersion = meta.originalLockfileVersion !== meta.lockfileVersion
? meta.lockfileVersion
: null
if (newFile) {
let message = 'created a lockfile as npm-shrinkwrap.json'
if (updatedVersion) {
message += ` with version ${updatedVersion}`
log.notice('', message)
} else if (notSW) {
await unlink(oldFilename)
let message = 'package-lock.json has been renamed to npm-shrinkwrap.json'
if (updatedVersion) {
message += ` and updated to version ${updatedVersion}`
log.notice('', message)
} else if (updatedVersion) {
log.notice('', `npm-shrinkwrap.json updated to version ${updatedVersion}`)
} else {
log.notice('', 'npm-shrinkwrap.json up to date')
module.exports = Shrinkwrap