Should package-lock.json be committed?
I always see people committing package-lock.json to the git repo.
To me, I see it as a bad idea.
Because I have had many bad experiences with it, especially since I am using a Linux PC and the other contributor uses Windows; there are always strange issues with architecture kind of things in the file.
Do you think it's a good practice? Why?
I see it as a risk not worth taking
3 Replies
It doesn’t matter unless your coworkers use npm ci
The whole point is so that packages don’t change minor or patch version in production
But npm install also checks for package-lock.json
And I have seen some Windows / Linux specific builds in it also
There's no negative to committing it as far as I know while it gives you some additional "consistency" to your build process