search

SudhanPlayz / Discord-MusicBot

An advanced discord music bot, supports Spotify, Soundcloud, YouTube with Shuffling, Volume Control and Web Dashboard with Slash Commands support!
https://musicbot.darrenofficial.com
Other
2.92k stars 2.84k forks source link

Commit NPM lock file into source control #1266

Closed daichuanwu21 closed 8 months ago

daichuanwu21 commented 8 months ago

Is your feature request related to a problem? Please describe.

The package-lock.json file generated by NPM during install is currently being ignored under .gitignore.

This is specifically discouraged by NPM's documentation found here. The relevant extract is shown below:

This file is intended to be committed into source repositories, and serves various purposes:

  • Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.
  • Provide a facility for users to "time-travel" to previous states of node_modules without having to commit the directory itself.
  • Facilitate greater visibility of tree changes through readable source control diffs.
  • Optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.
  • As of npm v7, lockfiles include enough information to gain a complete picture of the package tree, reducing the need to read package.json files, and allowing for significant performance improvements.

Most significantly, adding the package-lock.json allows for reproducibility in both testing and production deployments. For example, it would become possible to easily distinguish between a regression introduced by developer code, versus some dependency that just so happened to change versions. Furthermore, it will reduce confusion among end-users, who may be annoyed that newer deployments don't share the same behavior to older deployments.

Describe the ideal solution

Describe alternatives you've considered

None considered.

Additional context

N/A

daichuanwu21 commented 8 months ago

Fixed in maintained branch, see #161.