Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Missing package-lock.json file #257

Open
jmgaya opened this issue Nov 15, 2018 · 12 comments

Comments

Projects
None yet
3 participants
@jmgaya
Copy link
Contributor

commented Nov 15, 2018

While following the README.md, a package-lock.json file is created, if the user installs the dependencies through npm. Shall we add this file to repository?

@MattIPv4

This comment has been minimized.

Copy link
Member

commented Jan 1, 2019

@PeterDaveHello Do you know of a reason why this isn't yet committed?

@PeterDaveHello

This comment has been minimized.

Copy link
Member

commented Jan 1, 2019

I don't think we really need to add it. Maybe we'll just ignore it in the .gitignore Thanks.

@MattIPv4

This comment has been minimized.

Copy link
Member

commented Jan 3, 2019

@PeterDaveHello Whilst on the topic of gitignore, is there a reason the SRI folder is included in git? It drives me insane having to unselect it at every commit?

@MattIPv4 MattIPv4 added the question label Jan 3, 2019

@PeterDaveHello

This comment has been minimized.

Copy link
Member

commented Jan 3, 2019

@MattIPv4 you can use sparseCheckout to ignore it.

@MattIPv4

This comment has been minimized.

Copy link
Member

commented May 8, 2019

@PeterDaveHello I plan to create a PR to resolve this soon. I will add package-lock.json to the .gitignore file. Should I also add SRI/ to it as this is an automatically generated folder, or do you want it tracked still?

@PeterDaveHello

This comment has been minimized.

Copy link
Member

commented May 8, 2019

@MattIPv4 any reason to exclude SRI/? BTW, they should be separated issue.

@MattIPv4

This comment has been minimized.

Copy link
Member

commented May 8, 2019

@PeterDaveHello I don't see why it needs to be tracked, isn't it automatically generated when the site is deployed?

@PeterDaveHello

This comment has been minimized.

Copy link
Member

commented May 8, 2019

@MattIPv4 it's automatically generated when the site is built, but why not?

@MattIPv4

This comment has been minimized.

Copy link
Member

commented May 8, 2019

@PeterDaveHello It's just another thing to have to consider when setting up sparseCheckout, or when making a commit.

For someone new who wants to contribute, they may think they need to commit the updated contents of SRI, which then slows down the PR process as it has to be cleaned up?

@PeterDaveHello

This comment has been minimized.

Copy link
Member

commented May 8, 2019

@MattIPv4 I prefer to publish the SRI data to be tracable publicly so anyone has suspicion or wants to prove the integrity and easily audit them.

I'll be happy to help anyone facing issue with contribution if the situation happend, so far I didn't see related issues yet 🙂

@MattIPv4

This comment has been minimized.

Copy link
Member

commented May 8, 2019

@PeterDaveHello Ah, that makes sense. Thank you :)
I'll make the PR to remove package-lock shortly.

@PeterDaveHello

This comment has been minimized.

Copy link
Member

commented May 8, 2019

@MattIPv4 Thank you.

@MattIPv4 MattIPv4 referenced a pull request that will close this issue May 8, 2019

Open

Add `package-lock.json` to .gitignore #278

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.