Closed Orzelius closed 5 years ago
Oh, okay... But if an unstable version of an npm package appears and breaks the project, the user will have to manually find and install a different version of the package. If the package-lock file is there, there's always a stable version of the project that a user can update if they want to.
Indeed, it's a sad state of affairs that in-band dependencies can break builds. Thankfully, we have Travis-CI, which records the exact versions of dependencies when it runs the tests, so we can easily check which versions work and which ones fail. However, in this situation I agree that some people are unlikely to check the build log of CI to debug a failing build, so a package-lock.json can help some people.
93 Add package-lock file back after it was removed by me accidentally