Remove `package-lock.json`

slab / delta

Simple and expressive JSON format for describing rich-text content and their changes

https://quilljs.com/docs/delta

BSD 3-Clause "New" or "Revised" License

914 stars 130 forks source link

Remove `package-lock.json` #74

Closed alecgibson closed 3 years ago

alecgibson commented 3 years ago

package-lock.json is not published, so it shouldn't be committed in packages, since running a build with a lockfile will not give a true representation of how a consumer would be installing dependencies.

coveralls commented 3 years ago

Coverage remained the same at 98.857% when pulling e0c8a5bbf960fde3e7209d84ff734bf86ea0f04f on reedsy:package-lock into d7a3be9292e92ba3837803b49e482b96487ae7a9 on quilljs:master.

jhchen commented 3 years ago

I don't believe this is best practice. Please cite sources to the contrary.

alecgibson commented 3 years ago

This sums up what I consider best practice around this: https://dev.to/gajus/stop-using-package-lock-json-or-yarn-lock-3ddi

In short:

commit package-lock.json if your repo is a standalone app
don't commit it if your repo is a package (ie intended to be a dependency of other apps)

alecgibson commented 3 years ago

Obviously this is your repo, so obviously do whatever you think is best; I just raised this in case the lockfile had been accidentally committed.

jhchen commented 3 years ago

You can see in the commit history it is not an accident. I agree with the top commenter on that blog post who is a maintainer of yarn that one should always commit package-lock.json for the reason he gives. This is also in addition to official NPM docs which that blog posts tries to spin as a source of confusion.