Do I need to add package-lock.json to .gitignore?

W

WebDev2019-07-19 10:38:40

JavaScript

WebDev, 2019-07-19 10:38:40

Tell me, do I need to add the package-lock.json file to .gitignore?
It doesn't seem to be necessary. There is a lot written about this, by default it is not in .gitignore, but when I run npm install on the server, the next time I commit, I get the error "Your local changes to the following files would be overwritten by merge: package-lock.json"

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

R

Ruslan Lopatin, 2019-07-19
@lorus

According to the official documentation , package-lock.json is intended to be in the repository so that all developers of the project work with the same set of dependencies.
Regarding the fact that it does not need to be included in the library code - not true:
Answer to your question: never add package-lock.json to .gitignore

K

kafkiansky, 2019-07-19
@mad_maximus

If it's a library, you want users of your library to always download up-to-date dependencies from package.json. If the project is not needed, then those who write the project with you will use the libraries, the versions of which are specified in package-lock.json. Therefore, they will not have conflicts.

L

Lynn "Coffee Man", 2019-07-19
@Lynn

You need to run npm ci on the server.
If it couldn’t deliver something, then you have an outdated package-lock.json and you need to fix it.

�

Максим Мандрик, 2021-08-07
@Barh33

Советуют использовать lock файл для приложений, но не для библиотек, потому что для пользователей библиотек файл lock игнорируется. И чтобы быть более приближённым к пользовательским окружениям этот файл не используется в репозиториях библиотек.
Более подробно:
https://github.com/sindresorhus/ama/issues/479#iss...