Advice on committing lock files in libraries (vs applications)


(Zmarois) #1

What is the npm community’s stance on committing lock files in libraries as opposed to applications? My team has had a lot of conversations about this, but couldn’t find any npm guidance. Then we finally found a great summary of the problem in the yarn blog (the first hit in Google when I search yarn committing lock files libraries). Especially since the end result is somewhat immaterial, having the suggestion in such an official place creates a nice standard we can just fall back on.

I would be nice to have npm-specific guidance on this topic.


(John Gee) #2

Interesting read, thanks. In my opinion, yes they should be committed.

npm reference links:

And I think there is some clear if concise npm-specific guidance: :wink:

$ npm init -y
...
$ npm install anything
npm notice created a lockfile as package-lock.json. You should commit this file.
...