package-lock.json should be committed to git

Question

package-lock.json should be committed to git

Closed this issue a year ago · 2 comments

this ensures that npm installs the same version of packages for everyone. people should use npm ci when creating a production build instead of npm install.

(i use yarn not npm or i'd submit a PR)

Answer 1 · 2023-06-14T06:40:06.000Z

Yeah, this is part of what I meant by #13.

Answer 2 · 2023-06-14T07:07:29.000Z

oh i saw that issue but only saw cargo mentioned so i skipped it. i missed the package.json mentions.

normally for node, you have both package.json and package-lock.json in git.