lock down dependency installation for predictable deployments (npm shrinkwrap) [73717432]

Fixed

Feature Request

Status Update

No update yet.

Description

[Deleted User]

created issue #1

Feb 22, 2018 01:01PM

Dependency installation should be predictable and reproducible when installing locally, in CI, or when deployed.

npm-shrinkwrap.json, package-lock.json, or yarn.lock all solve this problem and one of these standardized means of ensuring reproducible dependency installations should be supported by Cloud Function.

It was confirmed that none of these are supported currently in Cloud Functions in Beta Testers Group:

https://groups.google.com/d/msg/cloud-functions-beta-testers/Vv3cV_Dpids/dk-z1HbMCgAJ

Add support for npm-shrinkwrap.json or package-lock.json when deploying Cloud Functions.

Comments

[Deleted User] <[Deleted User]> #2Feb 22, 2018 01:13PM

better practice and documentation about this issue will be appreciated

kn...@google.com <kn...@google.com> #3Feb 23, 2018 01:59AM

Assigned to gc...@google.com.

Agreed, this is a must for me to securely pass information to a Google Webapp dopost function. URL querystrings are not secure...

st...@google.com <st...@google.com> #4May 22, 2019 07:51PM

Marked as fixed.

I see the request status has not changes for this item, is there a current update on if this feature will be implemented in the Google Webapp product?

Issue 73717432

Description

Issue summary

Comments

[Deleted User] <[Deleted User]> #2Feb 22, 2018 01:13PM

kn...@google.com <kn...@google.com> #3Feb 23, 2018 01:59AM

st...@google.com <st...@google.com> #4May 22, 2019 07:51PM

Add comment

Issue metadata