i'm used deploy code depending on composer (php's npm cousing), sports .json , .lock files. first 1 describes package , version constraints, , second 1 lists installed. there's lock file , run composer install you're sure receive same set of packages; running composer update re-read json file, install new versions, , update lock file.
that's awesome production deployment, since don't need checkout dependencies versioning system , you're sure have exact same set of dependencies in production have in development.
my question is: how best automate deployment of npm-dependent code? possible achieve method similar composer? i've noticed npm install installs what's first available in package.json file. after first run, i.e. if change version constraint must manually npm update package - , render automate deployment useless, there's no way check in versioning "update package here new version"...
npm shrinkwrap analog of composer.lock file. generate npm-shrinkwrap.json, have deps version in it, can use deploy production env. can try various libs npm lock versions or search updates of without changing packages.json.
