javascriptcraft / javascript-craft

This is the library for creating a component generator for a JavaScript library

Add package-lock.json to .gitignore file #6

Open fluffychacham opened 4 years ago

fluffychacham commented 4 years ago

We don't need it to be included in the repo since it'll be different every time we install the packages with Node Package Manager.

taylankasap commented 4 years ago

As far as I know it's the opposite of what you're saying. The point of package-lock.json is to have everyone use the same versions of packages installed during development. Note that you need to use $ npm ci instead of $ npm install.

fluffychacham commented 4 years ago

Okay gotcha, so what about when we need to update the packages? Wouldn't it be more convenient and safer to have all the packages at the latest version anyways?

taylankasap commented 4 years ago

I think the best practice is to use npm install from time to time, but only with an exclusive commit for it with a message like "Update NPM packages". And if you - as a contributor - are not making a change related to packages, you should simply use npm ci so your commit won't have package updates.

Although I'm not sure about the best practice when there is also a yarn.lock file.

AkromDev commented 4 years ago

We are using yarn so we need only yarn.lock. It is better not to mix npm and yarn. And yarn.lock should be pushed to git.

taylankasap commented 4 years ago

In that case I think the above conversation still holds true but instead of npm ci use yarn install --frozen-lockfile and instead of npm install use yarn install.

fluffychacham commented 4 years ago

I think that should be in documentation. I've only heard of npm ci but I don't think most people have heard of yarn install --frozen-lockfile.
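
The rule the thread converges on (one committed lockfile, installed with the lockfile-respecting command) can be checked before a build. The following is an added example, not part of the thread or the project's code; the function names and exit codes are made up for illustration, and the .gitignore check only matches literal entries.

```shell
#!/bin/sh
# Added example: pick the install command that respects the committed lockfile.
# Exit codes (constructed for this example): 0 ok, 1 no lockfile,
# 2 both lockfiles present, 3 lockfile listed in .gitignore.

lockfile_ignored() {
    # $1 = project dir, $2 = lockfile name.
    # Literal match only (optionally with a leading "/"); glob patterns in
    # .gitignore are not evaluated here.
    [ -f "$1/.gitignore" ] || return 1
    grep -qxF -e "$2" -e "/$2" "$1/.gitignore"
}

frozen_install_cmd() {
    dir=${1:-.}
    has_npm=0; has_yarn=0
    [ -f "$dir/package-lock.json" ] && has_npm=1
    [ -f "$dir/yarn.lock" ] && has_yarn=1

    if [ "$has_npm" -eq 1 ] && [ "$has_yarn" -eq 1 ]; then
        echo "both package-lock.json and yarn.lock present; keep one" >&2
        return 2
    fi
    if [ "$has_npm" -eq 0 ] && [ "$has_yarn" -eq 0 ]; then
        echo "no lockfile found; commit one" >&2
        return 1
    fi
    if [ "$has_yarn" -eq 1 ]; then
        lock=yarn.lock; cmd="yarn install --frozen-lockfile"
    else
        lock=package-lock.json; cmd="npm ci"
    fi
    if lockfile_ignored "$dir" "$lock"; then
        echo "$lock is listed in .gitignore" >&2
        return 3
    fi
    # Print the command instead of running it so the caller decides.
    echo "$cmd"
}
```

In a build script, `cmd=$(frozen_install_cmd .) && $cmd` runs the selected install and stops the build when the lockfile state is inconsistent.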