This PR removes package-lock.json files in starter templates.
For context, package-lock.json files are treated in two different ways by StackBlitz:
In EngineBlock projects, which use the Turbo package manager, they are ignored.
In WebContainer projects, which use the npm package manager by default, they are used to speed up installation of dependencies, provided that the package-lock.json is not stale.
When importing WebContainer projects, the StackBlitz GitHub project importer will automatically generate a package-lock.json if there is none (and there is a package.json), to get the aforementioned install speed boost.
Based on this:
We don't want package-lock.json files for starter templates that use EngineBlock.
For those that use WebContainer, having a package-lock.json can be useful but is not strictly necessary, since the importer will generate one.
To keep things simple in this repo, and to follow the lead of projects like the Vite example templates, I propose removing the package-lock.json files for templates.
Pros of having package-lock.json
template can be imported by our GH importer a bit faster, since the importer doesn't have to call to a resolver service to generate a package-lock.json.
provides a bit of stability (imported projects are cached for a day, so every day we get a new package-lock.json with potentially updated dependencies that could break if there are breaking changes/bugs in a semver minor).
Cons of having package-lock.json
We don't want a package-lock.json in EngineBlock projects, so we'd have to check that we don't end up adding those.
They can grow stale if we someone updates the package.json but not the package-lock.json, and we don't have any CI checking that.
If the project has a stale package-lock.json, then installing dependencies becomes slower on StackBlitz that if we didn't have one (and were generating a new one on import).
This PR removes
package-lock.json
files in starter templates.For context,
package-lock.json
files are treated in two different ways by StackBlitz:package-lock.json
is not stale.When importing WebContainer projects, the StackBlitz GitHub project importer will automatically generate a
package-lock.json
if there is none (and there is apackage.json
), to get the aforementioned install speed boost.Based on this:
package-lock.json
files for starter templates that use EngineBlock.package-lock.json
can be useful but is not strictly necessary, since the importer will generate one.To keep things simple in this repo, and to follow the lead of projects like the Vite example templates, I propose removing the
package-lock.json
files for templates.Pros of having
package-lock.json
package-lock.json
.package-lock.json
with potentially updated dependencies that could break if there are breaking changes/bugs in a semver minor).Cons of having
package-lock.json
package-lock.json
in EngineBlock projects, so we'd have to check that we don't end up adding those.package.json
but not thepackage-lock.json
, and we don't have any CI checking that.package-lock.json
, then installing dependencies becomes slower on StackBlitz that if we didn't have one (and were generating a new one on import).