Skip to content
Permalink
Browse files
Docs: Explain why we disable lock files (refs eslint/tsc-meetings#234) (
  • Loading branch information
btmills committed Jan 18, 2021
1 parent 6509705 commit f7ca48165d025e01c38698352cff24d1de87cc8b
Showing 1 changed file with 10 additions and 0 deletions.
@@ -136,6 +136,16 @@ Once a language feature has been adopted into the ECMAScript standard (stage 4 a

Join our [Mailing List](https://groups.google.com/group/eslint) or [Chatroom](https://eslint.org/chat).

### Why doesn't ESLint lock dependency versions?

Lock files like `package-lock.json` are helpful for deployed applications. They ensure that dependencies are consistent between environments and across deployments.

Packages like `eslint` that get published to the npm registry do not include lock files. `npm install eslint` as a user will respect version constraints in ESLint's `package.json`. ESLint and its dependencies will be included in the user's lock file if one exists, but ESLint's own lock file would not be used.

We intentionally don't lock dependency versions so that we have the latest compatible dependency versions in development and CI that our users get when installing ESLint in a project.

The Twilio blog has a [deeper dive](https://www.twilio.com/blog/lockfiles-nodejs) to learn more.

## <a name="releases"></a>Releases

We have scheduled releases every two weeks on Friday or Saturday. You can follow a [release issue](https://github.com/eslint/eslint/issues?q=is%3Aopen+is%3Aissue+label%3Arelease) for updates about the scheduling of any particular release.

0 comments on commit f7ca481

Please sign in to comment.