In the last tutorial, we examined npm's package-lock.json file. The tutorial you are about to read discusses the npm-shrinkwrap.json file. In our tutorial on package-lock.json, we stated that the package-lock.json file is never published; instead, a different file that is similar to package-lock.json is published.

Hence, we can state that the npm-shrinkwrap.json is a publishable lockfile.


The npm-shrinkwrap.json file is created when you run the npm shrinkwrap command. As we stated in the introduction to this tutorial, npm-shrinkwrap.json is identical to package-lock.json. However, there is one major difference: unlike package-lock.json, npm-shrinkwrap.json can be included when publishing a package.

The recommended use case for npm-shrinkwrap.json is applications deployed through the publishing process on the registry: for instance, daemons and command-line tools which are intended as global installs or devDependencies. Publishing this file is strongly discouraged for library authors, as that would prevent end users from having control over transitive dependency updates.

Whenever package-lock.json and npm-shrinkwrap.json are both present in a package root, the npm-shrinkwrap.json file is favored.
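
Because npm-shrinkwrap.json is favored when both files exist, a shrinkwrap file that was not regenerated keeps its older pins in force even after package-lock.json has been updated. The check below is an added example, not part of the original tutorial: the function names and sample data are constructed for illustration, and it assumes the standard lockfile layouts ("packages" in lockfileVersion 2 and 3, nested "dependencies" in version 1).

```javascript
// Added example, not from the tutorial. Lockfile objects are passed in already
// parsed (JSON.parse of each file); the sample data at the bottom is constructed.

// Flatten a lockfile into Map(install path -> pinned version).
// lockfileVersion 2/3 uses "packages"; version 1 uses nested "dependencies".
function pinnedVersions(lock) {
  const pins = new Map();
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path !== "") pins.set(path, meta.version); // "" is the root project
    }
    return pins;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const key = `${prefix}node_modules/${name}`;
      pins.set(key, meta.version);
      walk(meta.dependencies, `${key}/`);
    }
  };
  walk(lock.dependencies, "");
  return pins;
}

// Report which lockfile is favored in this root and where the two disagree.
function auditLockfiles(root) {
  const shrink = root["npm-shrinkwrap.json"];
  const lock = root["package-lock.json"];
  const effective = shrink ? "npm-shrinkwrap.json" : lock ? "package-lock.json" : null;
  const drift = [];
  if (shrink && lock) {
    const a = pinnedVersions(shrink);
    const b = pinnedVersions(lock);
    for (const pkg of new Set([...a.keys(), ...b.keys()])) {
      if (a.get(pkg) !== b.get(pkg)) {
        drift.push({ pkg, shrinkwrap: a.get(pkg) ?? null, packageLock: b.get(pkg) ?? null });
      }
    }
  }
  return { effective, drift };
}

// Constructed sample: package-lock.json was updated, npm-shrinkwrap.json was not.
const sampleRoot = {
  "npm-shrinkwrap.json": { lockfileVersion: 3, packages: { "": { name: "demo-cli" }, "node_modules/example-dep": { version: "1.0.0" } } },
  "package-lock.json": { lockfileVersion: 3, packages: { "": { name: "demo-cli" }, "node_modules/example-dep": { version: "1.0.1" } } },
};
console.log(JSON.stringify(auditLockfiles(sampleRoot), null, 2));
```

A non-empty drift list means the installed versions follow npm-shrinkwrap.json, not the newer pins recorded in package-lock.json.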

Let me walk you through the process of creating an npm-shrinkwrap.json file.

Consider the package root as shown below:

[Screenshot: a sample package root.]

Now in this root, run the npm shrinkwrap command.

[Screenshot: running the npm shrinkwrap command.]

Now check the root folder and observe that a new file, npm-shrinkwrap.json, has been added to the directory.

[Screenshot: npm-shrinkwrap.json added to the directory.]

This tutorial concludes the series on configuring npm.
