Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add
package-lock.json
to source control (#1393)
While reviewing #1390, I realized that we haven’t checked in `package-lock.json` into version control, but we explicitly ignore it currently. [`package-lock.json` is an auto-generated manifest file](https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json) which is created and maintained by `npm` on every change to `package.json`. [Having the lock file under version control is actually recommended](https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json#:~:text=This%20file%20is%20intended%20to%20be%20committed%20into%20source%20repositories), because in contrast to the pure `package.json` file, the lock file captures the entire dependency tree. This aims to make builds more reproducible, faster, and safer (due to checksums). Note: if git commit statistics are important to us, then we can also commit this under a separate account (e.g. some sort of bot account), since `package-lock.json` changes are always relatively large diffs in terms of LOC added/deleted. <a data-ca-tag href="https://codeapprove.com/pr/tiny-pilot/tinypilot/1393"><img src="https://codeapprove.com/external/github-tag-allbg.png" alt="Review on CodeApprove" /></a>
- Loading branch information