Closed NotLebedev closed 1 week ago
is intended to be committed into source repositories, and serves various purposes
make package
command package-lock.json
can be different from system to system
- I've read all purposes and haven't found any reasonable for this repository.
It's true that this project only has devDependencies
and thus need for package-lock.json
is less. However the part aqbout continuous integration are guaranteed to install exactly the same dependencies
is exactly why I created this. Package manager can vendor package-lock.json
but then your distribution through kde store would be different from packaged versions. Then it may be difficult to reproduce some edge cases in bug reports.
package-lock.json
can be different from system to system- your package-lock.json is different from mine. Obviously you are using MacOS of something like this.
That's exactly my point. I'm not even using macOS, as you suggested, but still there are some differences. I'm not sure how this may change behavior of different builds and introduce problems when debugging.
In any case I agree with you that this is not a critical problem. In my opinion it's just QOL for packaging and possibly debugging some edge cases. If you believe that there is no need for this change feel free to close PR.
Until this becomes a problem I will refrain from adding package-lock.json to repository.
As per npm docs
package-lock.json
Personally I tried to package it using nix and it won't do it without package-lock (because in general this may lead to non-reproducible build)
Thank you for your work on supporting this project!