What can happen if we don't commit the package-lock.json

(Bluebaroncanada) #1

My team decided we shouldn’t add package-lock.json. Is there some way I can demonstrate the problems with doing that?

(John Gee) #2

The key benefit is reproducible installs of the dependencies of your package.

It is highly recommended you commit the generated package lock to source control: this will allow anyone else on your team, your deployments, your CI/continuous integration, and anyone else who runs npm install in your package source to get the exact same dependency tree that you were developing on.

https://docs.npmjs.com/files/package-locks.html

You set up a new Node JS/Webpack project, installed all your dependencies with npm install and your app runs smoothly. A week later, another developer has been assigned to work along with you. So he/she cloned it and installed dependencies via npm install, then they run the app and all of a sudden, errors everywhere! Puzzled, you looked at your code, and it’s working correctly. They have the same dependencies and same code, why did the app not work on your colleague’s computer?
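
One way to demonstrate the scenario above to a team, as an added example that is not part of the original posts: a small model of how a caret range in package.json resolves against a registry on two different dates, with and without a lock. The package name `left-widget`, its versions and publish dates are constructed, and the caret matching is simplified (major version 1 or higher, no prerelease tags).

```javascript
// Added example. "left-widget" and its publish dates are constructed sample data.
const registry = {
  "left-widget": [
    { version: "1.2.0", published: "2024-01-10" },
    { version: "1.2.1", published: "2024-01-20" },
    { version: "1.3.0", published: "2024-02-05" }, // published after developer A installed
    { version: "2.0.0", published: "2024-02-06" },
  ],
};

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Simplified caret matching (assumes major >= 1, no prerelease tags):
// same major version, and not older than the base version.
const satisfiesCaret = (version, range) => {
  const base = range.slice(1);
  return parse(version)[0] === parse(base)[0] && cmp(version, base) >= 0;
};

// Models an install: a locked version wins; otherwise the newest version
// published on or before installDate that satisfies the range is chosen.
function install(dependencies, installDate, lock = {}) {
  const tree = {};
  for (const [name, range] of Object.entries(dependencies)) {
    if (lock[name]) { tree[name] = lock[name]; continue; }
    const matches = registry[name]
      .filter((r) => r.published <= installDate && satisfiesCaret(r.version, range))
      .map((r) => r.version)
      .sort(cmp);
    tree[name] = matches[matches.length - 1];
  }
  return tree;
}

const dependencies = { "left-widget": "^1.2.0" };         // same package.json for everyone
const devA = install(dependencies, "2024-01-25");         // original developer
const devB = install(dependencies, "2024-02-10");         // colleague, no lock committed
const devBLocked = install(dependencies, "2024-02-10", devA); // colleague, lock committed
console.log({ devA, devB, devBLocked });
```

Without the lock, the colleague gets a version the original developer never ran or reviewed; with the lock committed, both trees are identical. In a real project, `npm ci` installs exactly what package-lock.json records and fails if it disagrees with package.json.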
