About lock files: Yarn or vanilla-NPM

[julien1619]

Hello contributors and developers using this plugin! @mperkh @maddijoyce

While I was publishing the 2.1.0 update I noticed that the package-lock.json generated by NPM was added to the .gitignore file. In fact, when you publish an update using npm version <update_type>, if a package-lock.json exists in the root folder, npm will try to add it to git, causing an error while publishing the update.

I was about to remove the file from .gitignore because it's a good practice to keep a lock file pushed in your project to improve build reproducibility. But I didn't do that because Gatsby uses yarn by default, which is not my case (the README is not up-to-date on this point ^^), and I didn't want to cause any lock files conflicts.

The question is: have you any suggestion to make on this point?

Thank you!

[mperkh]

Hmm.. Haven't seen any gatsbyJS plugin, that has these lock files included. https://github.com/gatsbyjs/gatsby/tree/master/packages

Will it help, if we added package-lock.json to .npmignore?

Think we should conform to the official gatsbyJS plugins, since @KyleAMathews mentioned in discord chat (cannot link into it), this could become an official gatsbyJS plugin.

[julien1619]

Yes I'll try to add it to .npmignore.

Concerning what @KyleAMathews said, I didn't see that. I'm going to discord right now :)

[mperkh]

Discussion took place on 04.09.2017