Lock down the versions of a package's dependencies

Cortex Shrinkwrap

This command will lock down the versions of a package's dependencies and generate a cortex-shrinkwrap.json file in your package directory.

npm install cortex-shrinkwrap -g

Also this lib can be used in nodejs.

var shrinkwrap = require('cortex-shrinkwrap');
var traveller = shrinkwrap(pkg, built_root, options, function(errshrinked) {
    // console.log(shrinked); 
traveller.on('ignoreDev', function(pkgName) {
traveller.on('ignoreAsync', function(pkgName) {

Generate shrinkwrap.json from pkg, return a Traveller object, see cortex-deps-traveller for more details;

Pakcage information stored in cortex.json.

  • dev: whehter include devDependencies
  • async: whether incldue asyncDependencies
  • stableOnly: only include stable version in shrinkwrap, default value is =false=

Generate a simple deps tree with information of shrinkwrap.json

var shrinktree = require('cortex-shrinkwrap').shrinktree
shrinktree('deep-eql', "~0.1.0", built_root,  function(errtree) {
// or provide a package json if already have one 
  name: 'deep-eql',
  version: '0.1.0',
  dependencies: {
     'type-detect': "~1.0.0"
}, built_root, {
  enableDev: true
}, function(errtree) {

Package name of the tree root

Range of the tree root

Package json as the root

The same as options in shrinkwrap

(The MIT License)

Copyright (c) 2014, Villa.Gao <>;
All rights reserved.