Committing package-lock.json for web5-labs?

alr · January 18, 2023, 4:54am

Do we have a consensus opinion on committing package-lock.json?

I’ve got some outgoing changes in web5-labs that are just docs-related, but looks like I’ve got new changes in package-lock.json pending from my local build. I don’t want to tangle the commits. Some teams I’ve known haven’t wanted to commit these generated files but I understand that to be the intent, as discussed here:

Tangent: That one also advocates for npm ci instead of npm install.

I’ll hold my package-lock changes for now and curious if we’ve got a standard way of handling these.

S,
ALR

henrytsai · January 19, 2023, 6:29pm

I may be wrong, but my impression is that we already have consensus, ie. commit package-lock.json.

In principle I believe we should avoid checking in files that everyone can generate identically, however package-lock.json isn’t the case for reasons described in the link above.

Thanks,
Henry = ]

alr · January 19, 2023, 7:46pm

OK awesome I’ve made a PR to update it!

Thanks!

S,
ALR

moe · January 19, 2023, 8:07pm

totally in favor of not committing package-lock.json to version control if we’re willing to rehash the topic!

alr · January 19, 2023, 8:08pm

I’ve got zero opinion on this and looking to follow project leads’ guidance.

Rehash away!

mic · January 26, 2023, 1:05am

this is interesting - I had always assumed it was designed to be committed.