npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Advice on committing lock files in libraries (vs applications)

What is the npm community’s stance on committing lock files in libraries as opposed to applications? My team has had a lot of conversations about this, but couldn’t find any npm guidance. Then we finally found a great summary of the problem in the yarn blog (the first hit in Google when I search yarn committing lock files libraries). Especially since the end result is somewhat immaterial, having the suggestion in such an official place creates a nice standard we can just fall back on.

It would be nice to have npm-specific guidance on this topic.


Interesting read, thanks. In my opinion, yes they should be committed.

npm reference links:

And I think there is some clear if concise npm-specific guidance: :wink:

$ npm init -y
...
$ npm install anything
npm notice created a lockfile as package-lock.json. You should commit this file.
...