Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update package.json.md #172

Closed
wants to merge 1 commit into
base: latest
from

Conversation

Projects
None yet
3 participants
@bennypowers
Copy link

bennypowers commented Mar 7, 2019

Makes it clear that package-lock.json can be included with glob wildcards, and that this behaviour differs from other excluded globs.

Update package.json.md
Makes it clear that package-lock.json can be included with glob wildcards, and that this behaviour differs from other excluded globs.

@bennypowers bennypowers requested a review from npm/cli-team as a code owner Mar 7, 2019

@@ -219,7 +219,8 @@ Conversely, some files are always ignored:
* `node_modules`
* `config.gypi`
* `*.orig`
* `package-lock.json` (use shrinkwrap instead)

`package-lock.json` is ignored by default, unless explicitly included (e.g. with `"*"`). Use shrinkwrap instead.

This comment has been minimized.

@ljharb

ljharb Mar 7, 2019

Contributor

O.o does this mean if package-lock is explicitly included, that npm install will respect package-lock.json files that are present inside installed dependencies?

This comment has been minimized.

@bennypowers

bennypowers Mar 7, 2019

Author

🤷‍♂️I only noticed that the file was included. I don't know about the consequences for packages.

It may very well be that the original docs were "correct" in terms of intended API, and that this inclusion behaviour is a bug

This comment has been minimized.

@zkat

zkat Mar 7, 2019

Member

We don't obey package-lock.json shipped with dependencies. Only npm-shrinkwrap.json is obeyed, so shipping these files is mostly an annoyance.

This comment has been minimized.

@bennypowers

bennypowers Mar 7, 2019

Author

Should that be expressed explicitly here in the docs?

@zkat
Copy link
Member

zkat left a comment

Hey! Thanks for taking the time to put this together. After some discussion, we decided that this is probably not the right place for this kind of comment, and I'm afraid people might get confused about what shrinkwrap is and why they're being told to use it instead of package-lock.json.

As such, we're gonna pass on this PR, but I hope you continue contributing in the future! The care is appreciated! ❤️

@zkat zkat closed this Mar 18, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.