Express: Why package-lock is not in source control?

Created on 17 May 2019  路  2Comments  路  Source: expressjs/express

https://github.com/expressjs/express/blob/10c7756764fbe969b307b15a72fd074479c00f8d/.gitignore#L18

According to NPM docs:

This file is intended to be committed into source repositories.

Which doesn't mean that it should be published to npm:

One key detail about package-lock.json is that it cannot be published.

Is there any reason for lock file to be ignored I'm missing?

Thanks, and keep up with the great work.

question

Most helpful comment

Since npm ignores a package-lock.json file that is in a package, adding one here will have no effect on consumers and will make the CI no longer represent the dependencies a consumer would get by running npm install express.

All 2 comments

Since npm ignores a package-lock.json file that is in a package, adding one here will have no effect on consumers and will make the CI no longer represent the dependencies a consumer would get by running npm install express.

Thanks @dougwilson for the great explanation :+1:

Was this page helpful?
0 / 5 - 0 ratings

Related issues

mdcotter picture mdcotter  路  31Comments

laoshaw picture laoshaw  路  47Comments

dougwilson picture dougwilson  路  103Comments

lykkin picture lykkin  路  20Comments

bryanCoteChang picture bryanCoteChang  路  23Comments