pkg.lock.json
need some sort of "lockfile" concept, probably. ugh.
ref https://github.com/savq/paq-nvim/issues/149#issuecomment-1665434482
In paq-nvim, the lockfile is just used to check if an installed package has version/URL mismatch with what users specify in their config. So their lockfile is just a JSON-ized version of their Packages object
{
"package-1": {
"name": "package-1",
"url": "https://.../package-1.git"
"hash": "..."
// Other field of Package that can be serialized
},
"pack2": {
"name": "pack2",
"url": ""
"hash": "..."
// etc
}
}
Also since pkg.json's lockfile is called pkg.lock.json instead of pkg-lock.json, does that mean it doesn't have to be a subset of npm's package-lock.json?
Is this issue still needs to be opened, as vim.pack already has lockfile support?
Depends on whether it makes sense to formalize the lockfile spec here.