Commit
maint/deps ~ store package locks (for CI/dev reproducibility)
# [why]

When using the standard dependency install procedure (`npm install` or `yarn install`), a new dependency tree will be created based on conditions at the time of installation. If the project *and all its dependencies* don't use strict, fully semver-compatible versioning then the built/tested project may be subtly different from some other installation, even when reconstituted from exactly the same package code. In practice, especially with a small number of simple dependencies, this may not be a problem, but it can become one with larger code bases.

So, as a hedge against dependency drift, store package locks periodically (likely with each published version). The stored locks can be used to generate a stable touchstone for development and testing.

To install identical development/CI environments, use `npm clean-install` (or `npm ci`). The equivalent `yarn` command is `yarn install --immutable --immutable-cache --check-cache`.

ref: [Commit 'package-lock.json'?](https://stackoverflow.com/questions/44206782/do-i-commit-the-package-lock-json-file-created-by-npm-5)@@<https://archive.is/PN1P2>
ref: [Yarn equivalent of `npm ci`](https://stackoverflow.com/questions/58482655/what-is-the-closest-to-npm-ci-in-yarn)@@<https://archive.is/FlEf0>
ref: [Convert 'package-lock.json' to 'yarn.lock'](https://stackoverflow.com/questions/50093627/how-to-convert-package-lock-json-to-yarn-lock)@@<https://archive.is/t0QV0>
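The dependency drift the commit message describes can be checked before a stored lock is trusted in CI. The following is an added example, not code from this commit or its project: a simplified pre-install check, in the spirit of `npm ci` refusing a lock that does not match `package.json`, that compares the declared ranges with the lock's root entry and flags resolved packages that carry no integrity hash. The helper name `findLockDrift`, the package names and the registry URL are assumptions constructed for illustration.

```javascript
// Constructed sample manifest (not taken from the commit's repository).
const samplePackageJson = {
  dependencies: { "pkg-a": "^1.3.0", "pkg-b": "^4.17.21" },
  devDependencies: { "test-runner-x": "^10.2.0" },
};

// Constructed lockfile in the lockfileVersion 2/3 layout ("packages" map).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": {
      dependencies: { "pkg-a": "^1.3.0", "pkg-b": "^4.17.20" },
      devDependencies: { "test-runner-x": "^10.2.0" },
    },
    "node_modules/pkg-a": { version: "1.3.0", resolved: "https://registry.example/pkg-a-1.3.0.tgz", integrity: "sha512-CONSTRUCTED" },
    "node_modules/pkg-b": { version: "4.17.20", resolved: "https://registry.example/pkg-b-4.17.20.tgz" },
  },
};

// Hypothetical helper: list the places where manifest and lock disagree.
function findLockDrift(pkg, lock) {
  const problems = [];
  const packages = lock.packages || {};
  const root = packages[""] || {};
  for (const field of ["dependencies", "devDependencies"]) {
    const declared = pkg[field] || {};
    const locked = root[field] || {};
    for (const [name, range] of Object.entries(declared)) {
      // The lock's root entry records the ranges it was generated from.
      if (locked[name] !== range) {
        problems.push(`${field}/${name}: package.json ${range}, lock ${locked[name] ?? "missing"}`);
      }
      // Every direct dependency needs a pinned top-level entry.
      if (!packages[`node_modules/${name}`]) {
        problems.push(`${field}/${name}: no pinned entry in lock`);
      }
    }
  }
  // A resolved tarball without an integrity hash cannot be verified on install.
  for (const [path, entry] of Object.entries(packages)) {
    if (path !== "" && entry.resolved && !entry.integrity) {
      problems.push(`${path}: resolved without integrity hash`);
    }
  }
  return problems;
}

console.log(findLockDrift(samplePackageJson, sampleLock).join("\n"));
```

The check compares range strings only and does not evaluate semver, so it catches a lock that was generated from a different manifest, not every possible mismatch.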