
Does package-lock.json need to be versioned in git?

npm 5 and Node.js 8 introduce a file named package-lock.json. I want to know whether it needs to be versioned or ignored in git.

Henry Leu asked Jun 20 '17 07:06



1 Answer

Short answer: Yes, it must be.

Long answer:

As per the npmjs documentation:

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

This file is intended to be committed into source repositories, and serves various purposes:

  • Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.

  • Provide a facility for users to time-travel to previous states of npm_modules without having to commit the directory itself.

  • To facilitate greater visibility of tree changes through readable source control diffs.

  • And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.

LuFFy answered Oct 17 '22 21:10
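
An added example, not part of the original answer and not npm's own code: the documentation quoted above says the committed lockfile describes the exact tree and makes tree changes visible in source control diffs. This Node.js script flattens two parsed lockfiles and lists what changed between them, which is the view a reviewer wants when a pull request touches package-lock.json. The function names, package names and lockfile contents are constructed for illustration.

```javascript
// Flatten a parsed package-lock.json into a Map of install path -> locked version.
// Handles lockfileVersion 2/3 ("packages") and lockfileVersion 1 (nested "dependencies").
function flattenLock(lock) {
  const out = new Map();
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path !== "") out.set(path, entry.version); // "" is the root project
    }
    return out;
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      out.set(path, entry.version);
      walk(entry.dependencies, `${path}/`); // nested copies of a package
    }
  };
  walk(lock.dependencies, "");
  return out;
}

// List every change to the installed tree between two lockfiles.
function diffLocks(oldLock, newLock) {
  const before = flattenLock(oldLock);
  const after = flattenLock(newLock);
  const changes = [];
  for (const [path, version] of after) {
    const old = before.get(path);
    if (!before.has(path)) changes.push(`added ${path}@${version}`);
    else if (old !== version) changes.push(`changed ${path} ${old} -> ${version}`);
  }
  for (const [path, version] of before) {
    if (!after.has(path)) changes.push(`removed ${path}@${version}`);
  }
  return changes.sort();
}

// Constructed sample data: a committed lockfile (v1 layout) and an updated one (v3 layout).
const committedLock = { lockfileVersion: 1, dependencies: {
  "pkg-a": { version: "1.0.0", dependencies: { "pkg-c": { version: "0.9.0" } } },
  "pkg-b": { version: "2.1.0" },
} };
const updatedLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/pkg-a": { version: "1.0.1" },
  "node_modules/pkg-a/node_modules/pkg-c": { version: "0.9.0" },
  "node_modules/pkg-d": { version: "3.0.0" },
} };
console.log(diffLocks(committedLock, updatedLock).join("\n"));
```

In a real repository the two inputs would be `JSON.parse` of the lockfile at the base commit and at the proposed commit.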