Package-lock.json - what are the agreements on projects, best practice?

A

akkant2022-02-20 13:40:02

Version control systems

akkant, 2022-02-20 13:40:02

Help me figure out how to work with this file.
for example, I clone the project and install dependencies - almost always package-lock will be updated in some way. Naturally, you should not commit your fix or FR along with the updated file and it remains modified only in the local project. It seems to be decided - but in fact it turns out that the development was carried out on one lock file and in the current master another?
How is work with this file and commits of its updates on different projects generally built? what best practices should be followed?
Thank you in advance for your help

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

L

Lynn "Coffee Man", 2022-02-20
@Lynn

You need to install dependencies with the npm ci command, then package-lock will not change. And if npm ci gives an error, then someone has committed an incompatible package and package-lock, and this should be fixed with a separate commit.
In normal operation, package-lock only changes when dependencies change.