Should we commit yarn.lock and package-lock.json files?

Yes, we should commit yarn.lock and package-lock.json files into the project version control system.

Why we should commit yarn.lock or package-lock.json file?

The npm client or yarn client installs dependencies into the node_modules directory non-deterministically. This means that based on the order dependencies are installed, the structure of a node_modules directory could be different from person to person.

These differences can cause “everything works on my machine” type of issues. These types of issues usually take a longer time to trace.

One of the creators of Yarn says:

The package.json describes the intended versions desired by the original author, while yarn.lock describes the last-known-good configuration for a given application.

Another point about this:

Depends about the type of the project:

  • Is your project an application? Then: Yes
  • Is your project a library? If so: No

Reference:

https://github.com/yarnpkg/yarn/issues/838#issuecomment-253362537
https://stackoverflow.com/questions/39990017/should-i-commit-the-yarn-lock-file-and-what-is-it-for
https://stackoverflow.com/questions/44552348/should-i-commit-yarn-lock-and-package-lock-json-files

Share