(question) Missing lock file
oriSomething opened this issue · 2 comments
oriSomething commented
After looking at .gitignore, I saw there are no lock files. What's the reason?
lukeed commented
Doesn’t matter to the end user. It's just a lot of noise in PRs, and CI should always pick up the latest dependency versions when testing because users will also be installing the latest versions of each semver range.
lukeed commented
Lock files are meant to lock versions (which a library with runtime “dependencies” should never want) and are meant to speed up installs for CI/maintainers (which is already very fast).
They really should only be used in end-user applications or in any project that has pinned versions for every dependency.