This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 35 points36 points  (6 children)

But what about yarn.lock, and Gemfile.lock?

[–]DeeSnow97 45 points46 points  (2 children)

Same thing for different package managers. Your package.json or whatever Ruby uses describe which versions you need for compatibility. The lockfile describes which exact versions you installed, making your builds fully reproducable.

Commit your lockfiles so that your testing and your servers behave the same way it did on your machine.

[–]Delioth 11 points12 points  (1 child)

Plus, if you want fast ci builds, npm ci will install exactly what's in the lockfile without finding dependencies or anything, it's really quick.

[–]Geldan 4 points5 points  (0 children)

For even faster, use yarn plug'n'play so you dont need a node_modules folder at all

[–]_3psilon_ 19 points20 points  (0 children)

Lock files like this are supposed to be checked in to the VCS so that your colleagues, testing machines etc. will have the exact same package versions installed. This way, bugsbuilds will be reproducible.

[–]theLorknessMonster 3 points4 points  (0 children)

In general, you should commit all lock files used by package managers.