add .npmrc with package-lock=false to disable package-lock.json generation #352
Conversation
| @@ -0,0 +1 @@ | |||
| package-lock=false | |||
There was a problem hiding this comment.
Why it is needed? and what does it solve?
There was a problem hiding this comment.
When i run npm i, it creates a package-lock.json, which is fair to say ignored by .gitignore. But still this is the way to disable package-lock.json generation
There was a problem hiding this comment.
I means why it need to disable the lock file generation.
If it is something specific to your environment or personal perference, then it shouldn't be checked in git repository.
There was a problem hiding this comment.
Main Repo has the .npmrc also
https://github.com/fastify/fastify/blob/main/.npmrc
There was a problem hiding this comment.
That's not a reason.
Here is the PR adding .npmrc with other files in fastify.
fastify/fastify#2269
But, it didn't explain why disable the package-lock.json improve DX.
We can use npm udpate if we install the dependency once.
There was a problem hiding this comment.
npm update does not depend on the lockfile.
@jsumners Any argument why disabling the unnecessary generation of the package-lock.json is a good idea?
There was a problem hiding this comment.
Disable package-lock.json means every run for npm install should fetch and install the latest.
Which means after the first npm install, it is actually doing the same thing as npm update.
There was a problem hiding this comment.
There is not point to having a package lock in a library project. They are ignored when installing the module as a dependency. The only thing having a package lock in this project will accomplish is to lock versions across contributors to the time when the various contributors start their work on the project.
Checklist
npm run testandnpm run benchmarkand the Code of conduct