Should we ignore the package-lock.json ?

[mejackreed]

Discussed with @christopher-johnson .. We may need to drop tracking this for the library itself. Or maybe switch to yarn?

[sdellis]

@aeschylus and I discussed this on the POC call this week too. I would be 👍 to switching to yarn, which seems to manage its lock file much better and is generally faster at installs. FWIW, Rails Webpacker gem also uses yarn over npm.

[christopher-johnson]

there are a couple of reasons to stick with npmand commit thepackage-lock.json file. the first is npm ci which can speed up ci. Second, npmwith lernadoes everything that yarncan do with workspaces. yarnmay be a bit faster, but there is also npm audit. The package-lock.json file, however, can complicate normal ci installs with lerna and also can get in the way when re-running npm install locally (due to a misaligned cache).

I would suggest tryingnpm ci on travis to see how well it works before switching to yarn or deciding to ignore the package-lock.json.

[mejackreed]

Closed in #90 for now.