This file should either be committed explicitly to the repo or explicitly included in our .gitignore. Right now it floats around between branches and causes warnings when switching.
I'm not sure on the best practices here because I'm not really involved with JavaScript, but a decision should be made.
I've assigned our resident JS specialists to sort this out. 馃懐
@johnsaigle generally the best practice is to commit the package-lock.json. @HenriRabalais @zaliqarosli do you both agree or is there a reason we shouldn't in LORIS?
Also see stackoverflow answer.
Yeah I arrived at the same SO post but some people on that thread seem to have issues with it when doing merges etc. so :man_shrugging:
i don't have strong strong opinions but it seems like we should be committing it because 1. changes are only generated when node_modules or package.json are modified and 2. it must match package.json, so everytime package.json is committed, we should be committing package-lock.json alongside it. if the file exists on github, then we may as well be committing it. i think the issue right now is that the two files are out of sync with package-lock not getting updated when package was

@zaliqarosli Yeah I think you're right that they're out of sync. Also package-lock.json appears to be only on major.
Both @driusan and @xlecours are the only ones who have ever committed the file!
Most helpful comment
i don't have strong strong opinions but it seems like we should be committing it because 1. changes are only generated when node_modules or package.json are modified and 2. it must match package.json, so everytime package.json is committed, we should be committing package-lock.json alongside it. if the file exists on github, then we may as well be committing it. i think the issue right now is that the two files are out of sync with package-lock not getting updated when package was