breautek commented on pull request #879: URL: https://github.com/apache/cordova-lib/pull/879#issuecomment-917654419
Package-lock is intended to be committed, as it ensures that two developers on two different machines will install the exact same dependencies when they run npm install. This is not to be confused with the case where users are using this package as a library, in which case their root package-lock is used.

From NPM: https://docs.npmjs.com/cli/v7/configuring-npm/package-lock-json

> This file is intended to be committed into source repositories, and serves various purposes:
>
> - Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.
> - Provide a facility for users to "time-travel" to previous states of node_modules without having to commit the directory itself.
> - Facilitate greater visibility of tree changes through readable source control diffs.
> - Optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.
> - As of npm v7, lockfiles include enough information to gain a complete picture of the package tree, reducing the need to read package.json files, and allowing for significant performance improvements.

-- 
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
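As an added example (not part of the comment above, and not code from cordova-lib or npm), this sketch reads the whole installed tree from a committed lockfile alone and flags entries a reviewer would want to look at in a lockfile diff. It assumes the lockfileVersion 2/3 layout with a `packages` map; `auditLockfile`, the package names and the URLs are constructed for illustration.

```javascript
// Added example; constructed sample in the lockfileVersion 2/3 layout,
// where "packages" is keyed by install path and "" is the root project.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left": {
      version: "1.2.3",
      resolved: "https://registry.example.test/left/-/left-1.2.3.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER"
    },
    "node_modules/left/node_modules/pad": {
      version: "0.4.0",
      resolved: "http://registry.example.test/pad/-/pad-0.4.0.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER"
    },
    "node_modules/right": {
      version: "2.0.0",
      resolved: "https://registry.example.test/right/-/right-2.0.0.tgz"
    },
    "node_modules/local-tool": { resolved: "tools/local-tool", link: true }
  }
};

// auditLockfile is a hypothetical helper name. In a real run, pass it
// JSON.parse of the committed package-lock.json.
function auditLockfile(lock) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    throw new Error('no "packages" map (lockfileVersion 1 or not a lockfile)');
  }
  const marker = "node_modules/";
  const tree = [];
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "" || entry.link) continue; // root project, symlinked package
    const at = path.lastIndexOf(marker);
    const name = at === -1 ? (entry.name || path) : path.slice(at + marker.length);
    tree.push(`${name}@${entry.version}`);
    if (entry.inBundle) continue; // shipped inside its parent's tarball
    if (!entry.integrity) findings.push(`${path}: no integrity hash`);
    if (String(entry.resolved).startsWith("http://")) {
      findings.push(`${path}: resolved over plain http`);
    }
  }
  return { tree, findings };
}
```

Every name and version in `tree` comes from the lockfile itself; no package.json under node_modules is read.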
