DynamoDS / DynamoDictionary

Apache License 2.0

Address object-path vulnerability. #47

Closed gregmarr closed 3 years ago

gregmarr commented 3 years ago

@QilongTang I added the .npmrc when I thought this repo was internal, thought it was just missed since the links in package-lock.json are to art-bobcat. I'm not sure it makes sense to have it when it's external, as it would cause problems for users, but the existing package-lock.json would cause problems too. Is it intentional that there is no .npmrc?

gregmarr commented 3 years ago

I'm not sure, the package-lock.json is very useful. If you don't have it, then builds are not reproducible. Every build will pull in the latest version of each package, potentially introducing incompatibilities unexpectedly.

QilongTang commented 3 years ago

I'm not sure, the package-lock.json is very useful. If you don't have it, then builds are not reproducible. Every build will pull in the latest version of each package, potentially introducing incompatibilities unexpectedly.

Then I guess the approach we made about copying npmrc was not enough. I am fine keeping the npmrc file then.

gregmarr commented 3 years ago

I think having the .npmrc copied is helpful as users are more likely to know about package-lock.json and that they need to delete it than .npmrc. We could add that to the instructions.

QilongTang commented 3 years ago

I think having the .npmrc copied is helpful as users are more likely to know about package-lock.json and that they need to delete it than .npmrc. We could add that to the instructions.

Agreed. Can you do us a favor and include that in this repo's ReadMe?

QilongTang commented 3 years ago

Thanks @gregmarr! Merging.