Express: Why package-lock is not in source control?

Created on 17 May 2019  路  2Comments  路  Source: expressjs/express

https://github.com/expressjs/express/blob/10c7756764fbe969b307b15a72fd074479c00f8d/.gitignore#L18

According to NPM docs:

This file is intended to be committed into source repositories.

Which doesn't mean that it should be published to npm:

One key detail about package-lock.json is that it cannot be published.

Is there any reason for lock file to be ignored I'm missing?

Thanks, and keep up with the great work.

question
Source
picture buccfer
😕1 👍1

Most helpful comment

Since npm ignores a package-lock.json file that is in a package, adding one here will have no effect on consumers and will make the CI no longer represent the dependencies a consumer would get by running npm install express.

picture dougwilson on 17 May 2019
👍2

All 2 comments

Since npm ignores a package-lock.json file that is in a package, adding one here will have no effect on consumers and will make the CI no longer represent the dependencies a consumer would get by running npm install express.

dougwilson picture dougwilson on 17 May 2019
👍2

Thanks @dougwilson for the great explanation :+1:

buccfer picture buccfer on 17 May 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

despairblue picture despairblue  路  3Comments
gaurav5430 picture gaurav5430  路  3Comments
prashantLio picture prashantLio  路  3Comments
HafidAbnaou picture HafidAbnaou  路  3Comments
wxs77577 picture wxs77577  路  3Comments