Why I kept reading, skeptical eyebrow raised:
This is not a repeat of the Bower fiasco.
It’s a client that works with the npm package registry.
I’m curious about this, and how well it works at the server level:
“…what gets installed on one machine, using the same lock file, will be exactly what gets installed on another machine.”
So, assuming my app runs from /home/user/web on the server, I assume that the lock file results in the respect of the folder hierarchy, i.e. if the modules are installed in /node_modules on my Mac (not true but just an example) this is @ root, but if I run the same from /home/user/web on the server, this would actually install in /home/user/web/node_modules. This isolates the install for security so it’s a concern.
Obviously, we don’t want to literally keep folder paths the same, but instead relative folder paths.
Thanks for the article. Informative, as always.