re: When not to use package-lock.json

re: Not again :( This is incorrect, the lockfiles should always be committed. This isn't about you, but about your external contributors and project a...
 

The state of dependencies should be described in package.json. That's what the dependencies field is for. Package-lock.json is unnecessary.

 

Not that this is common, but what about the dependencies that your dependencies rely on? What if they change?
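
The question raised in the last reply, as an added example that is not part of the original thread: it lists the packages a lockfile pins that `package.json` never mentions. The package names, versions and integrity placeholders are constructed, and the lockfile is assumed to use the `lockfileVersion` 3 `packages` layout.

```javascript
'use strict';

// Constructed package.json: only direct dependencies, as semver ranges.
const packageJson = {
  name: 'demo-app',
  version: '1.0.0',
  dependencies: { 'left-lib': '^2.1.0' },
};

// Constructed package-lock.json (lockfileVersion 3 layout): every installed
// package, direct or transitive, with an exact version and integrity value.
const packageLock = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0', dependencies: { 'left-lib': '^2.1.0' } },
    'node_modules/left-lib': {
      version: '2.1.4',
      integrity: 'sha512-PLACEHOLDER-left-lib',
      dependencies: { 'deep-util': '^1.0.0' },
    },
    'node_modules/deep-util': { version: '1.3.2', integrity: 'sha512-PLACEHOLDER-deep-util' },
  },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromLockPath(lockPath) {
  const marker = 'node_modules/';
  return lockPath.slice(lockPath.lastIndexOf(marker) + marker.length);
}

// Packages whose installed version is fixed by the lockfile alone:
// anything not declared in package.json, plus nested copies of direct deps.
function pinnedOnlyByLockfile(pkg, lock) {
  const direct = new Set([
    ...Object.keys(pkg.dependencies || {}),
    ...Object.keys(pkg.devDependencies || {}),
    ...Object.keys(pkg.optionalDependencies || {}),
  ]);
  return Object.entries(lock.packages || {})
    .filter(([path]) => path !== '') // "" is the root project itself
    .map(([path, meta]) => ({ name: nameFromLockPath(path), version: meta.version, path }))
    .filter((e) => !direct.has(e.name) || e.path.includes('/node_modules/'))
    .sort((a, b) => a.path.localeCompare(b.path));
}

console.log(pinnedOnlyByLockfile(packageJson, packageLock));
```

Here `deep-util` is requested only by `left-lib` as `^1.0.0`, so without the lockfile a later install may resolve a different `1.x` release than the one that was tested.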
