Ignore package-lock.json files

[felixheidecke]

I suggest ignoring the package-lock.json files altogether. They do not make sense as we pre-compile and pack Applications anyway instead of having the user compile it for themselves.

[PVince81]

@felixheidecke we need them for the build script that will build these pre-compiled packages so we have consistent lib versions and deterministic builds.

[felixheidecke]

I need to look into suppress the creation of a package-lock.json file in a node development environment since it makes no sense here. For production, sure … locking packages make sense.

[scramb]

As recommend in npm/npm#18007
They suggest using npm-merge-driver package which tells git how to fast-forward merge the conflicts in package-lock. The other way to go is using yarn instead of npm. Since the yarn-lock file is not json, this feels easier to handle imo.

[DeepDiver1975]

we anyhow wanted to switch to yarn ....

[scramb]

@DeepDiver1975 should i add yarn to #286 or shall i prepare a new one with the whole process and yarn in another PR?

[DeepDiver1975]

I'm fine putting this into #286 - THX

[tempelgogo]

merged implicit with yarn migration #286