package-lock.json: To commit or not to commit? #4408
Comments
johnsaigle
added
Meta
|
I've assigned our resident JS specialists to sort this out. 👯 |
|
@johnsaigle generally the best practice is to commit the package-lock.json. @HenriRabalais @zaliqarosli do you both agree or is there a reason we shouldn't in LORIS? |
|
Also see stackoverflow answer. |
|
Yeah I arrived at the same SO post but some people on that thread seem to have issues with it when doing merges etc. so 🤷♂️ |
|
i don't have strong strong opinions but it seems like we should be committing it because 1. changes are only generated when node_modules or package.json are modified and 2. it must match package.json, so everytime package.json is committed, we should be committing package-lock.json alongside it. if the file exists on github, then we may as well be committing it. i think the issue right now is that the two files are out of sync with package-lock not getting updated when package was
|
|
@zaliqarosli Yeah I think you're right that they're out of sync. Also |
Bring package-lock.json in sync with package.json. At some point the latter was changed without the former being committed to the repo. Resolves #4408
This file should either be committed explicitly to the repo or explicitly included in our
.gitignore. Right now it floats around between branches and causes warnings when switching.I'm not sure on the best practices here because I'm not really involved with JavaScript, but a decision should be made.
The text was updated successfully, but these errors were encountered: