Committing package-lock.json for web5-labs?

Do we have a consensus opinion on committing package-lock.json?

I’ve got some outgoing changes in web5-labs that are just docs-related, but looks like I’ve got new changes in package-lock.json pending from my local build. I don’t want to tangle the commits. Some teams I’ve known haven’t wanted to commit these generated files but I understand that to be the intent, as discussed here:

Tangent: That one also advocates for npm ci instead of npm install.

I’ll hold my package-lock changes for now and curious if we’ve got a standard way of handling these.


I may be wrong, but my impression is that we already have consensus, ie. commit package-lock.json.

In principle I believe we should avoid checking in files that everyone can generate identically, however package-lock.json isn’t the case for reasons described in the link above.

Henry = ]

OK awesome I’ve made a PR to update it!



totally in favor of not committing package-lock.json to version control if we’re willing to rehash the topic!

I’ve got zero opinion on this and looking to follow project leads’ guidance. :pray:t2:

Rehash away!

this is interesting - I had always assumed it was designed to be committed.