npm Community Forum (Archive)

What can happen if we don't commit the package-lock.json

My team decided we shouldn’t add package-lock.json. Is there some way I can demonstrate the problems with doing that?

The key benefit is reproducible installs of the dependencies of your package.

It is highly recommended you commit the generated package lock to source control: this will allow anyone else on your team, your deployments, your CI/continuous integration, and anyone else who runs npm install in your package source to get the exact same dependency tree that you were developing on.

You set up a new Node.js/Webpack project, installed all your dependencies with npm install and your app runs smoothly. A week later, another developer has been assigned to work along with you. So he/she cloned it and installed dependencies via npm install, then they ran the app and all of a sudden, errors everywhere! Puzzled, you looked at your code, and it's working correctly. They have the same dependencies and same code, why did the app not work on your colleague's computer?
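To demonstrate the drift described above, here is an added example (not part of the original thread, and a simplified model rather than npm's own resolver) of how one caret range in package.json resolves on two different days, with and without a committed lock. The package name `example-lib`, its versions and the publish dates are constructed.

```javascript
// Added example. Simplified model of range resolution, not npm's resolver.
// Constructed publish history for a hypothetical package "example-lib".
const REGISTRY = {
  "example-lib": [
    { version: "1.4.0", published: "2019-03-01" },
    { version: "1.4.1", published: "2019-03-05" },
    { version: "1.5.0", published: "2019-03-09" },
    { version: "2.0.0", published: "2019-03-10" },
  ],
};

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Caret range: the left-most non-zero component must not change.
function satisfiesCaret(version, range) {
  const v = parse(version);
  const lo = parse(range.slice(1));
  const first = lo.findIndex((n) => n !== 0);
  const idx = first === -1 ? 2 : first;
  const hi = lo.map((n, k) => (k < idx ? n : k === idx ? n + 1 : 0));
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// Version a fresh install would pick on installDate (ISO dates compare as strings).
function resolve(name, range, installDate, lock = {}) {
  if (lock[name]) return lock[name]; // a committed lock pins the exact version
  const versions = REGISTRY[name]
    .filter((r) => r.published <= installDate && satisfiesCaret(r.version, range))
    .map((r) => r.version)
    .sort((a, b) => cmp(parse(a), parse(b)));
  return versions[versions.length - 1]; // highest version satisfying the range
}

function demo() {
  const range = "^1.4.0"; // as written in package.json
  const you = resolve("example-lib", range, "2019-03-02");
  const colleagueNoLock = resolve("example-lib", range, "2019-03-12");
  const colleagueWithLock = resolve("example-lib", range, "2019-03-12", { "example-lib": you });
  return { you, colleagueNoLock, colleagueWithLock };
}

console.log(demo());
```

Same package.json, same code: without the lock the colleague gets a version that did not exist when the project was first installed; with the lock both machines get the identical version.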