NPM: It works on my machine!

Solving “IWOMM” Issues

If you’ve spent time developing Node apps and use Node Package Manager (NPM), you’ve probably encountered the dreaded IWOMM (“it works on my machine”) issue: you build an app and it works fine on your machine. Another developer (or your CI server) pulls down the app, does an “npm install”, attempts to build, and receives a sea of errors. Why does this happen?

NPM is not a deterministic package manager – meaning you and another person can both install the app and end up with different-looking dependency trees. (You can run “npm list” to compare trees.) Your dependency tree works because you developed against it. Your buddy’s doesn’t because they got a later version of a node package that deprecated a function you were using.

Fortunately, this problem has an easy solution: commit your package-lock.json to source control. This file is generated whenever you install a node app and describes the exact dependency tree that was generated. Subsequent installs will use the lock file if it exists, and the resulting install will be identical to the install that generated the lock file.
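To see exactly where two machines drifted apart, you can diff their lock files instead of eyeballing “npm list” output. The script below is an added example, not part of the original post: it assumes the lockfileVersion 2/3 layout (a flat “packages” map), and the package names, versions and integrity strings in it are constructed sample data.

```javascript
// Constructed sample data: two lock files (lockfileVersion 3 layout) produced
// by installing the same package.json on two different machines.
const mine = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/alpha': { version: '2.1.0', integrity: 'sha512-CONSTRUCTED-A' },
    'node_modules/beta': { version: '1.4.2', integrity: 'sha512-CONSTRUCTED-B' },
  },
};
const theirs = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/alpha': { version: '2.3.0', integrity: 'sha512-CONSTRUCTED-C' },
    'node_modules/beta': { version: '1.4.2', integrity: 'sha512-CONSTRUCTED-B' },
    'node_modules/gamma': { version: '0.9.1' },
  },
};

// Flatten a lock file into path -> {version, integrity}, skipping the root entry.
function lockedTree(lock) {
  if (!lock.packages) throw new Error('expected lockfileVersion 2 or 3 ("packages" map)');
  const tree = new Map();
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path !== '') tree.set(path, { version: meta.version, integrity: meta.integrity });
  }
  return tree;
}

// Report every install path where the two trees disagree.
function diffLocks(a, b) {
  const left = lockedTree(a), right = lockedTree(b);
  const drift = [];
  for (const path of new Set([...left.keys(), ...right.keys()])) {
    const l = left.get(path), r = right.get(path);
    if (!l || !r) drift.push({ path, kind: l ? 'only-in-first' : 'only-in-second' });
    else if (l.version !== r.version) drift.push({ path, kind: 'version', from: l.version, to: r.version });
    else if (l.integrity !== r.integrity) drift.push({ path, kind: 'integrity' });
  }
  return drift.sort((x, y) => x.path.localeCompare(y.path));
}

// Entries without an integrity hash give the installer nothing to check the download against.
function missingIntegrity(lock) {
  return [...lockedTree(lock)].filter(([, m]) => !m.integrity).map(([p]) => p);
}

console.log(diffLocks(mine, theirs), missingIntegrity(theirs));
```

On a CI server, “npm ci” installs strictly from the lock file and fails if it disagrees with package.json, which makes it a good fit for the committed lock file described above.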

Another option is to switch to Yarn, which is faster and more deterministic than NPM. Yarn syntax is nearly identical to NPM’s.