Forcing a specific NoFlo version for all dependencies

Using NPM Shrinkwrap to enforce the same version of NoFlo for all dependencies to fix backwards compatibility issues

A 2 minute read. Published on March 13, 2017

Using NPM Shrinkwrap to force NoFlo 0.8

Recently released 0.8 branch of NoFlo introduces several fundamental changes as well as a backwards compatibility layer for long-existing applications. However, the backwards compatibility layer is only capable of doing its job if all NPM dependencies in a project use [email protected].*. Which means that if a project uses an old library that depends on something like [email protected], the compatibility layer may work incorrectly.

The best solution would be to upgrade all the dependencies and make use of the Process API which is well worth it. However, an immediate solution is available via NPM Shrinkwrap.

Installing noflo-0.8 for all dependencies

Given a project with legacy dependencies and a target NoFlo version you want to enforce (e.g. 0.8.3), here is the step-by-step enforcement process:

  1. npm install latest dependency tree
  2. npm shrinkwrap to generate initial npmshrinkwrap.json file
  3. In npmshrinkwrap.json find all occurances of "noflo" and replace the contents with e.g.
  "noflo": {
    "version": "0.8.3",
    "from": "[email protected]",
    "resolved": "https://registry.npmjs.org/noflo/-/noflo-0.8.3.tgz"
  }
  1. npm install again, which will use npmshrinkwrap.json instead of package.json

Then try testing your project to see if everything is OK.

Updating a dependency

Say noflo has released a new version and you need to update it in your shrinkwrapped project. This is how it can be achieved:

  1. npm update to update all dependencies from package.json rather than npmshrinkwrap.json (optional)
  2. npm prune to remove “extraneous” packages
  3. npm shrinkwrap to generate a new npmshrinkwrap.json
  4. Edit npmshrinkwrap.json again like you did in step 3 in previous section
  5. npm install based on shrinkwrapped tree

Conclusion

Maintaining a project with shrinkwrapped dependencies is quite tedious, thus it is recommended to update all the legacy dependencies to use NoFlo 0.8+. In the meantime, the above trick will help you find out if a project will run fine with the latest NoFlo or not.