Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why it is needed? and what does it solve?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When i run npm i, it creates a package-lock.json, which is fair to say ignored by .gitignore. But still this is the way to disable package-lock.json generation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I means why it need to disable the lock file generation.
If it is something specific to your environment or personal perference, then it shouldn't be checked in git repository.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Main Repo has the .npmrc also
https://github.com/fastify/fastify/blob/main/.npmrc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's not a reason.
Here is the PR adding
.npmrc
with other files infastify
.fastify/fastify#2269
But, it didn't explain why disable the
package-lock.json
improve DX.We can use
npm udpate
if we install the dependency once.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
npm update does not depend on the lockfile.
@jsumners Any argument why disabling the unnecessary generation of the package-lock.json is a good idea?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Disable
package-lock.json
means every run fornpm install
should fetch and install the latest.Which means after the first
npm install
, it is actually doing the same thing asnpm update
.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is not point to having a package lock in a library project. They are ignored when installing the module as a dependency. The only thing having a package lock in this project will accomplish is to lock versions across contributors to the time when the various contributors start their work on the project.