should package-lock.json be committed?

I see people committing package-lock.json to git repo always To me, i see it as a bad idea Because i have had many bad experiences with it, especially since i am using a Linux pc and the other contributor uses windows they is always strange issues with architecture kind of thing in the file Do you think it's a good practice? Why? I see it as a risk not worth taking
3 Replies
barry
barry15mo ago
It doesn’t matter unless your coworkers use npm ci The whole point is so that packages don’t change minor or patch version in production
Lopen
Lopen15mo ago
But npm install Also checks for package-lock.json And i have see some windows / Linux specific builds in it also
Vincent Udén
Vincent Udén15mo ago
There's no negative to committing it as far as I know while it gives you some additional "consistency" to your build process
Want results from more Discord servers?
Add your server