Disable Package Lock

[dominicegginton]

Disables package-lock.json from being generated by npm.

@niftylettuce are active contributors still being added at collaborators as per the call for maintainers section in the README?

[JacobMGEvans]

What is the benefit of this, just curious? 😄

[dominicegginton]

What is the benefit of this, just curious? 😄

Iv submitted this PR to disable npm from generating the package-lock.json file.

I believe that npm introduced this file to help fix the common "It works on my machine" scenario. However, package-lock.json files are not published to the npm registry, and should only be used for top-level projects that are not required upon as a dependency of another project. I have found this useful blog post that explains more in detail. Disabling package-lock.json stops this file being generated on every npm install. As a student developer, I could be wrong so feel free to correct me, always willing to learn.

[JacobMGEvans]

What is the benefit of this, just curious? 😄

Iv submitted this PR to disable npm from generating the package-lock.json file.

I believe that npm introduced this file to help fix the common "It works on my machine" scenario. However, package-lock.json files are not published to the npm registry, and should only be used for top-level projects that are not required upon as a dependency of another project. I have found this useful blog post that explains more in detail. Disabling package-lock.json stops this file being generated on every npm install. As a student developer, I could be wrong so feel free to correct me, always willing to learn.

I don't think its a wrong or right thing, you make some good points and I appreciate the details you put into your explanation. I think it will be an architectural decision by the core maintainers at the end of the day. Great Article 😄

[3imed-jaberi]

Please @niftylettuce , make a decision here !

[nfantone]

This is really detrimental to contributors. I'm not following the logic for not generating a lockfile.

[dominicegginton]

Hi @nfantone, thanks for your response.

I'm not following the logic for not generating a lockfile.

My previous comment explained why generating a package-lock.json file is unnecessary. My intentions were to move towards a file structure similar to other core Koa packages, much like Koa itself, that also includes a .npmrc file preventing the package-lock.json file from being generated. To me, it prevents a large unnecessary file being greatened in my workspace, but that's just personal option and preference.

This is really detrimental to contributors.

How is this pr a detriment to contributors? Just wondering as I'm always willing to learn.