Reputation: 2274
Does package-lock.json need to be versioned in git?
npm 5 & nodejs 8 introduces a file named package-lock.json, I want to know if it is need to be versioned or be ignored in git
Upvotes: 5
Views: 3328
Answers (1)
Reputation: 9297
Short Answer : Yes It must be.
Long Answer :
As Per npmjs Documentaion :
package-lock.jsonis automatically generated for any operations where npm modifies either thenode_modulestree, orpackage.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.This file is intended to be committed into source repositories, and serves various purposes:
Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.
Provide a facility for users to
time-travelto previous states ofnpm_moduleswithout having to commit the directory itself.To facilitate greater visibility of tree changes through readable source control diffs.
And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.
Upvotes: 14
Related Questions
- Do I commit the package-lock.json file created by npm 5?
- Can't make git stop tracking package-lock.json
- change package-lock.json package back to original repo version
- Managing package.json & package-lock.json with Git
- Should changes in a package.json file be commited to a repository as well?
- What is the point of putting npm's "package-lock.json" under version control?
- Npm; is package-lock.json redundant if package.json only specifies exact versions?
- Should package-lock.json also be published?
- does package-lock.json prevent updates?
- How should I handle package-lock.json when I deploy from git via ssh?