Mitigate the diff noice by package-lock.json

Mitigate the diff noice by package-lock.json



I suppose there's no hard answer to this question but would like to know what others think about/deal with the downside of messing up the diff when committing package-lock.json.


package-lock.json



The opinion of the majority seems to be finally in favor of committing package-lock.json to ensure exact same versions of dependency modules are properly installed whenever and wherever (See Do I commit the package-lock.json file created by npm 5?
). But it has messed up diff tool each time I install and upgrade npm dependencies. The code frequency visualization on Github has become completely useless since I started to commit package-lock.json.


package-lock.json


package-lock.json



As an example from one of my repository on Github, the two recent heights in the diff graph below were hugely inflated by the changes in package-lock.json triggered by npm update.
enter image description here


package-lock.json


npm update



Not saying that the now-useless diffs have incapacitated me as a developer, but it really did prevent me from acquiring insights from data visualization tools on Github.



Is there any way to mitigate this? or should I remain indifferent to this downside?






One option that I've used to great comfort is to use fixed version numbers in package.json and ignore the lockfile. If you need to update things, do it in one pass every now and then.

– Nit
Sep 15 '18 at 20:30


package.json






@nicholas while that solves the "problem" it introduces instability.

– Jonas Wilms
Sep 15 '18 at 20:30






@nicholas by default, npm install package its version gets added as ^1.0.0 so whenever someone else installs without a lock file and a newer version is available, that gets installed. If something has changed in that version, e.g. the server suddenly crashes while it runs without problems on localhost (had that twice last year, then pinned all dependencies)

– Jonas Wilms
Sep 15 '18 at 20:33



npm install package


^1.0.0




1 Answer
1



Why not just add package-lock.json to .gitignore. You can still commit the file without its changes being tracked.


package-lock.json


.gitignore



See what official doc says:



Patterns which should be version-controlled and distributed to other
repositories via clone (i.e., files that all developers will want to
ignore) should go into a .gitignore file.


.gitignore



Patterns which a user wants Git to ignore in all situations (e.g.,
backup or temporary files generated by the user’s editor of choice)
generally go into a file specified by core.excludesFile in the user’s
~/.gitconfig.


~/.gitconfig






Hey, I'm not saying to keep the file outdated. You can still commit your changes manually. Because of .gitignore your changes will not be staged automatically but yes would be ignored by diff tool.

– ImGroot
Sep 15 '18 at 20:33



.gitignore






git commit package-lock.json -m "Committing although ignored for tracking"

– ImGroot
Sep 15 '18 at 20:35


git commit package-lock.json -m "Committing although ignored for tracking"



Thanks for contributing an answer to Stack Overflow!



But avoid



To learn more, see our tips on writing great answers.



Required, but never shown



Required, but never shown




By clicking "Post Your Answer", you agree to our terms of service, privacy policy and cookie policy

Popular posts from this blog

𛂒𛀶,𛀽𛀑𛂀𛃧𛂓𛀙𛃆𛃑𛃷𛂟𛁡𛀢𛀟𛁤𛂽𛁕𛁪𛂟𛂯,𛁞𛂧𛀴𛁄𛁠𛁼𛂿𛀤 𛂘,𛁺𛂾𛃭𛃭𛃵𛀺,𛂣𛃍𛂖𛃶 𛀸𛃀𛂖𛁶𛁏𛁚 𛂢𛂞 𛁰𛂆𛀔,𛁸𛀽𛁓𛃋𛂇𛃧𛀧𛃣𛂐𛃇,𛂂𛃻𛃲𛁬𛃞𛀧𛃃𛀅 𛂭𛁠𛁡𛃇𛀷𛃓𛁥,𛁙𛁘𛁞𛃸𛁸𛃣𛁜,𛂛,𛃿,𛁯𛂘𛂌𛃛𛁱𛃌𛂈𛂇 𛁊𛃲,𛀕𛃴𛀜 𛀶𛂆𛀶𛃟𛂉𛀣,𛂐𛁞𛁾 𛁷𛂑𛁳𛂯𛀬𛃅,𛃶𛁼

Crossroads (UK TV series)

ữḛḳṊẴ ẋ,Ẩṙ,ỹḛẪẠứụỿṞṦ,Ṉẍừ,ứ Ị,Ḵ,ṏ ṇỪḎḰṰọửḊ ṾḨḮữẑỶṑỗḮṣṉẃ Ữẩụ,ṓ,ḹẕḪḫỞṿḭ ỒṱṨẁṋṜ ḅẈ ṉ ứṀḱṑỒḵ,ḏ,ḊḖỹẊ Ẻḷổ,ṥ ẔḲẪụḣể Ṱ ḭỏựẶ Ồ Ṩ,ẂḿṡḾồ ỗṗṡịṞẤḵṽẃ ṸḒẄẘ,ủẞẵṦṟầṓế