Padax / w-components

JavaScript library based on Web Components.
MIT License

Should we ignore package-lock.json in version control #148

Closed cwpeng closed 2 years ago

cwpeng commented 2 years ago

The short conclusion is: YES.

Why should we include package-lock.json in version control?

The NPM-generated package-lock.json file traces the detailed dependencies under the top-level dependencies of the project. So, if we keep it, we can trace any subtle problems due to dependency packages. Officially, it's something that matters.

Why should we ignore package-lock.json in version control?

Every time we install/uninstall packages, NPM updates package-lock.json, which easily causes conflicts and additional management costs in the version control system. In practice, we never check dependencies under the top level; we can just remove the node_modules folder and install everything easily when we have problems. Finally, we can see that many developers support this practice.
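
What the lockfile records beneath the top-level dependencies, and what changes in it after an install, can be made visible by diffing two versions of the file. The following is an added example, not part of the original comment or of the w-components project; it assumes the lockfileVersion 2/3 `packages` layout, and the sample lockfiles, package names and integrity strings are constructed.

```javascript
// Constructed sample lockfiles (lockfileVersion 3 layout); package names,
// versions and integrity strings are made up for illustration.
const before = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "left-util": "^1.2.0" } },
    "node_modules/left-util": { version: "1.2.0", integrity: "sha512-AAAA" },
    "node_modules/deep-dep": { version: "0.4.1", integrity: "sha512-BBBB" },
    "node_modules/old-dep": { version: "2.0.0", integrity: "sha512-CCCC" },
  },
};
const after = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "left-util": "^1.2.0" } },
    "node_modules/left-util": { version: "1.2.0", integrity: "sha512-ZZZZ" },
    "node_modules/deep-dep": { version: "0.5.0", integrity: "sha512-DDDD" },
    "node_modules/new-dep": { version: "1.0.0", integrity: "sha512-EEEE" },
  },
};

// Flatten a v2/v3 lockfile into Map(install path -> {version, integrity}).
function lockedPackages(lock) {
  if (!lock || !lock.packages) throw new Error("expected lockfileVersion 2 or 3 ('packages' map)");
  const out = new Map();
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "") continue; // "" is the project itself, not a dependency
    out.set(path, { version: meta.version, integrity: meta.integrity });
  }
  return out;
}

// Compare two lockfiles and classify every install path that differs.
function diffLocks(oldLock, newLock) {
  const a = lockedPackages(oldLock), b = lockedPackages(newLock);
  const changes = [];
  for (const [path, cur] of b) {
    const prev = a.get(path);
    if (!prev) changes.push({ path, kind: "added", to: cur.version });
    else if (prev.version !== cur.version)
      changes.push({ path, kind: "version", from: prev.version, to: cur.version });
    else if (prev.integrity !== cur.integrity) // same version, different content hash
      changes.push({ path, kind: "integrity-mismatch", to: cur.version });
  }
  for (const [path, prev] of a)
    if (!b.has(path)) changes.push({ path, kind: "removed", from: prev.version });
  return changes.sort((x, y) => x.path.localeCompare(y.path));
}
console.log(diffLocks(before, after));
```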

nizniz187 commented 2 years ago

Reviewed OK!