search

kshitijyelpale / blockchain-hyperledger-fabric-electronic-patient-records

GNU General Public License v3.0
49 stars 43 forks source link

Removal package-lock.json files and adding it to gitignore #20

Closed kshitijyelpale closed 3 years ago

kshitijyelpale commented 3 years ago

Task linked: CU-crxj5f Addition of not required files in gitignore

varshakamath1 commented 3 years ago

I don't think there is a need to delete package-lock.json, here are the reasons in the link below. https://siderite.dev/blog/npm-gotcha-commit-and-do-not-delete.html/#:~:text=json.,delete%20node_modules%20and%20package%2Dlock.

kshitijyelpale commented 3 years ago

I don't think there is a need to delete package-lock.json, here are the reasons in the link below. https://siderite.dev/blog/npm-gotcha-commit-and-do-not-delete.html/#:~:text=json.,delete%20node_modules%20and%20package%2Dlock.

Well first of thanks, for pointing this out. I was in this understanding that it is not necessary.

I read the article, it is mentioned that your application need any specific version of dependency(no tilde, no caret, no asterisks, no intervals) then we really need the lock file, else package.json is sufficient. Well in our case it is not the case, and we can delete it but still I think we can keep it.

On the top of that I have doubt, whenever I checkout and i need to run npm install, so it always appears in change list. So now I have installed all dependencies and like to commit and check if you have the same problem or not. From this perspective, I think we should keep node_modules as well, because without that lock is useless. New developer always need to execute "npm install" then.

So should we do that? @varshakamath1 @sjathin

sjathin commented 3 years ago

We have to execute npm install just once. Which then installs all the dependencies mentioned in the package.json into the node_modules. And I have already added node_modules to the gitignore.

sjathin commented 3 years ago

Not a good practice to check in the node_modules.

sjathin commented 3 years ago

New developer always need to execute "npm install" then.

This is how node application works. First, install and then run. No one checks in the node_modules to the repo.

kshitijyelpale commented 3 years ago

New developer always need to execute "npm install" then.

This is how node application works. First, install and then run. No one checks in the node_modules to the repo.

In that case, is there a point to keep lock file?

sjathin commented 3 years ago

https://nodejs.dev/learn/the-package-lock-json-file

sjathin commented 3 years ago

The package-lock.json file needs to be committed to your Git repository, so it can be fetched by other people, if the project is public or you have collaborators, or if you use Git as a source for deployments.

kshitijyelpale commented 3 years ago

Okay then I will keep the lock files and remove the entry from .gitignore.