Mitigate the diff noise by package-lock.json




I suppose there's no hard answer to this question but would like to know what others think about/deal with the downside of messing up the diff when committing package-lock.json.





The opinion of the majority seems to be finally in favor of committing package-lock.json to ensure the exact same versions of dependency modules are properly installed whenever and wherever (see "Do I commit the package-lock.json file created by npm 5?"). But it has messed up the diff tool each time I install and upgrade npm dependencies. The code frequency visualization on GitHub has become completely useless since I started to commit package-lock.json.





As an example from one of my repositories on GitHub, the two recent heights in the diff graph below were hugely inflated by the changes in package-lock.json triggered by npm update.
[Image: the diff graph]





Not saying that the now-useless diffs have incapacitated me as a developer, but it really did prevent me from acquiring insights from data visualization tools on GitHub.



Is there any way to mitigate this? Or should I remain indifferent to this downside?






One option that I've used to great comfort is to use fixed version numbers in package.json and ignore the lockfile. If you need to update things, do it in one pass every now and then.

– Nit
Sep 15 '18 at 20:30








@nicholas while that solves the "problem" it introduces instability.

– Jonas Wilms
Sep 15 '18 at 20:30






@nicholas by default, npm install package its version gets added as ^1.0.0 so whenever someone else installs without a lock file and a newer version is available, that gets installed. If something has changed in that version, e.g. the server suddenly crashes while it runs without problems on localhost (had that twice last year, then pinned all dependencies)

– Jonas Wilms
Sep 15 '18 at 20:33
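
Added example (not part of the original thread): a simplified JavaScript model of the caret-range behaviour described in the comment above, showing what a fresh install resolves to with and without a lockfile entry. The function names, the `published` list and the restriction to plain x.y.z versions are assumptions of this sketch, not npm's own code.

```javascript
// Simplified model of npm caret-range resolution (added example, not npm's code).
// Assumption: only plain x.y.z versions, no prerelease tags or build metadata.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// ^x.y.z accepts versions >= x.y.z that keep the left-most non-zero component.
// A range without "^" is treated as an exact pin.
function satisfies(version, range) {
  if (!range.startsWith("^")) return compare(version, range) === 0;
  const base = range.slice(1);
  if (compare(version, base) < 0) return false;
  const [M, m, p] = parse(base);
  const [vM, vm, vp] = parse(version);
  if (M > 0) return vM === M;
  if (m > 0) return vM === 0 && vm === m;
  return vM === 0 && vm === 0 && vp === p;
}

// Model of a fresh install: reuse the lockfile entry when it still satisfies
// the range, otherwise take the highest published version that matches.
function resolve(range, published, locked) {
  if (locked && satisfies(locked, range)) return locked;
  const matches = published.filter((v) => satisfies(v, range)).sort(compare);
  return matches.length ? matches[matches.length - 1] : null;
}

// Constructed registry state for a hypothetical package.
const published = ["1.0.0", "1.0.1", "1.4.2", "2.0.0"];

console.log(resolve("^1.0.0", published, null));    // range only, no lockfile
console.log(resolve("^1.0.0", published, "1.0.0")); // lockfile entry present
console.log(resolve("1.0.0", published, null));     // exact pin in package.json
```

With only the range, the install drifts to the newest 1.x release; a lockfile entry or an exact pin keeps it at the version that was tested.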







1 Answer
1



Why not just add package-lock.json to .gitignore? You can still commit the file without its changes being tracked.





See what the official doc says:



Patterns which should be version-controlled and distributed to other
repositories via clone (i.e., files that all developers will want to
ignore) should go into a .gitignore file.





Patterns which a user wants Git to ignore in all situations (e.g.,
backup or temporary files generated by the user’s editor of choice)
generally go into a file specified by core.excludesFile in the user’s
~/.gitconfig.








Hey, I'm not saying to keep the file outdated. You can still commit your changes manually. Because of .gitignore your changes will not be staged automatically but yes would be ignored by diff tool.

– ImGroot
Sep 15 '18 at 20:33









git commit package-lock.json -m "Committing although ignored for tracking"

– ImGroot
Sep 15 '18 at 20:35




