Hmmm... good question. I'm not actually sure whether version-bump-prompt should update the package-lock.json file by default or not. The package-lock.json file is a lockfile, not a manifest file, which is what package.json, bower.json, and component.json are. It serves a different purpose, so it might be unexpected/undesired to update package-lock.json. But, on the other hand, I can totally see some use-cases where that would be totally expected/desired.

I'll have to think about it a bit. In the meantime, I welcome any comments/input from others. I'd be interested to know whether anyone has strong opinions one way or the other.

For now though, you can sort-of accomplish the same behavior via the --grep argument. It simply searches-and-replaces any occurrence of the old version number with the new version number in one or more files. So, --grep package-lock.json would do the trick. Unfortunately, it might also modify other package versions in the file, if they happen to be the same as your old version. 💩

My own thoughts....

Reasons TO update the package-lock.json

• To keep it in sync with the package.json
• Version-bump-prompt should stay consistent with the npm version command, which does update package-lock.json

Reasons NOT TO update the package-lock.json

• The purpose of package-lock.json is to hold the dependency tree for a specific version of a package. You shouldn't update the version in package-lock.json unless you also update the dependency tree, which is not something that version-bump-prompt can do
• The npm version command does update the version number in package-lock.json, but that's because npm can also update the dependency tree

Thanks for your reply.

I think both opinions are correct.
How about set the optional flag?
Default flag is false

I also find it annoying that my package.json and package-lock.json get out of sync. I dont want to run npm install which may change the other things as well.

I think an optional flag defaulting to false would be good.