I have looked into this for other reasons and the guidance that I've seen is to check in package-lock.json into source control. I'll leave this stack overflow thread here: https://stackoverflow.com/questions/44206782/do-i-commit-the-package-lock-json-file-created-by-npm-5
I want to point out that I hate that this changes as part of the build. I haven't gotten a complete handle on exactly why package-lock is changing seemingly non-deterministically yet. Casey On Sat, Aug 25, 2018 at 11:05 AM Nick Allen <n...@nickallen.org> wrote: > Yes, I have noticed that also, but have not looked deeper. > > On Sat, Aug 25, 2018 at 10:32 AM Otto Fowler <ottobackwa...@gmail.com> > wrote: > > > I just did a PR, can saw that the package.lock file for alerts-ui was > > changed, with updated versions. > > I did *not* change the file, nor anything in metron-interface. That seems > > to imply that this file is changed or updated by > > something that happens during building or deploying full dev. > > > > Is this true? How does this work? Is this on purpose? > > > > ottO > > >
