Verify that packages installed during development match those installed in production
This module can verify that packages installed during development are
identical to those installed during deployment. The standard
only ensures that package versions are the same, but does not verify contents.
This module checks the shasum of the package tarballs downloaded by npm during
development and deployment to ensure they are the same.
- Install you packages (
- Generate shrinkwrap (
- Generate a sealed shrinkwrap file (
- Deploy code and install packages (on server,
- Check sealed shrinkwrap against installed packages (on server,
- If the check fails, errors will be dumped to stderr in JSON
$ seal -h Usage: seal [command] [input] [options] command generate from a shrinkwrap or check a sealed shrinkwrap [g|generate|c|check] input the shrinkwrap or sealed shrinkwrap file Options: -o FILE, --output FILE write output to specified file -c DIR, --cache-dir DIR directory where npm package downloads are cached -v, --version print version and exit