From 76ee5c780848a922dfc0ab8ac48096ab2262cc4a Mon Sep 17 00:00:00 2001 From: Nayeem Rahman Date: Mon, 18 May 2020 20:50:57 +0100 Subject: docs: Clarify external code vendoring (#5597) --- .../linking_to_external_code/integrity_checking.md | 34 ++++++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-) (limited to 'docs/linking_to_external_code') diff --git a/docs/linking_to_external_code/integrity_checking.md b/docs/linking_to_external_code/integrity_checking.md index 820ea1d2b..91d595cda 100644 --- a/docs/linking_to_external_code/integrity_checking.md +++ b/docs/linking_to_external_code/integrity_checking.md @@ -1,5 +1,33 @@ ## Integrity checking & lock files -Deno can store and check module subresource integrity for modules using a small -JSON file. Use the `--lock=lock.json` to enable and specify lock file checking. -To update or create a lock use `--lock=lock.json --lock-write`. +Deno can store and check subresource integrity for modules using a small JSON +file. Use the `--lock=lock.json` to enable and specify lock file checking. To +update or create a lock use `--lock=lock.json --lock-write`. + +A typical workflow will look like this: + +```ts +// Add a new dependency to "src/deps.ts", used somewhere else. +export { xyz } from "https://unpkg.com/xyz-lib@v0.9.0/lib.ts"; +``` + +```shell +# Create/update the lock file "lock.json". +deno cache --lock=lock.json --lock-write src/deps.ts + +# Include it when committing to source control. +git add -u lock.json +git commit -m "feat: Add support for xyz using xyz-lib" +git push +``` + +Collaborator on another machine -- in a freshly cloned project tree: + +```shell +# Download the project's dependencies into the machine's cache, integrity +# checking each resource. +deno cache -r --lock=lock.json src/deps.ts + +# Done! You can proceed safely. +deno test --allow-read src +``` -- cgit v1.2.3