Don't list lockfiles in .gitignore, remove them before commits

[luftywiranda13]

What:
Integrate remove-lockfiles

Why:
Currently this project ignores lockfiles (package-lock.json & yarn.lock). This can lead to harder debugging process because contributors might be locked to different versions of deps

How:

• Install remove-lockfiles then integrate it in precommit
• Remove lockfiles from .gitignore

How did I test this?

• There are tests in remove-lockfiles repo
• Also tested in this project by installing deps using yarn and npm. Lockfiles were generated but not included in commits.
• remove-lockfiles not only unstages but also removes the lockfiles before commits

[silverwind]

Hmm, I'd rather avoid having them created in the first place than to introduce a git hook. I have to investigate if adding a .npmrc and a .yarnrc in the project directory can effectively prevent their creation.

[luftywiranda13]

@silverwind yes, it can. but the downside is it means you limit the contributors to use a specific package manager only (npm or yarn).

how about having both of the dotfiles (.yarnrc and .npmrc) together?
hmmm I don't think it's a good idea. two additional dotfiles just to prevent the lockfiles 😢

[silverwind]

Yes, it's a shame. I'd really like a option in package.json to disable lockfiles which all package managers should honor.

[luftywiranda13]

I agree, wish there's a universal option that we can add in package.json to prevent lockfiles creation. But I think we're still far from that because both (npm and yarn) suggest to commit the lockfiles for both libraries and apps

[silverwind]

I opted for the config file approach, thought I don't really think the issue will matter. We don't get many contributors and most of them probably never install dependencies.

[luftywiranda13]

well yeah it's okay, thanks anyway 😄