
Shrinkpack – npm dependencies as tarballs, prevents “left-pad” style breakage - michaelsbradley
https://www.npmjs.com/package/shrinkpack
======
acemarke
Thank you. I found this last year when doing initial research on the
Node/NPM/JS ecosystem, and it seems like it solves most of the issues involved
here. Just check in the package tarballs for ALL your transitive dependencies,
and it's a lot smaller and easier to manage than trying to check in
/node_modules. Still really surprised that more people haven't started using
it.

I posted some thoughts over on Reddit on the use case and the steps to use it
when updating packages:
[https://www.reddit.com/r/javascript/comments/4bmwwy/discussi...](https://www.reddit.com/r/javascript/comments/4bmwwy/discussion_how_are_you_planning_on_safeguarding/d1anzri).

~~~
dozzie
> Still really surprised that more people haven't started using it.

You see, something like packaging your dependencies in source packages and
keeping those by yourself is a very old technique known by sysadmins and Linux
distribution developers, and old techniques from the ops world are not
exactly popular among the JS crowd.

