PressJump
commented
11 months ago I definitely think it is a good idea to use lockfile version 3. Due to this here is a list of things that need to be implemented in terms of info not already obtained by default but is still included (tgz url).
- [x] version
- [x] resolved
- [ ] integrity
- [ ] dependencies
- [ ] engines
- [ ] dev
- [ ] inBundle
- [ ] hasInstallScript
- [ ] hasShrinkwrap
Info from dependency package.json (although I am not too sure if these are a standard in the industry so is subject to change)
- [ ] bin
- [ ] license
- [ ] engines
- [ ] dependencies
- [ ] optionalDependencies
Currently the nonexistence of a package lock file is stopping the project from being able to be expanded upon even on the simplest features like remove. This is because I do not want to put all the packages inside package.json like it is being done right now.
Following industry standards, I will make it so that the direct dependencies of the project are placed into package.json while all dependencies including the dependencies of the dependencies are placed in the package lock file.
I personally like the way yarn handles their lock file. It is simple, simple to parse but for cross package manager compatibility sake using default lockfileVersion 3 may be good as I do not want this project to be another package manager contributors need to install.