Should we commit yarn.lock and package-lock.json files?

Yes, we should commit yarn.lock and package-lock.json files into the project version control system.

Why we should commit yarn.lock or package-lock.json file?

The npm client or yarn client installs dependencies into the node_modules directory non-deterministically. This means that based on the order dependencies are installed, the structure of a node_modules directory could be different from person to person.

These differences can cause “everything works on my machine” type of issues. These types of issues usually take a longer time to trace.

One of the creators of Yarn says:

The package.json describes the intended versions desired by the original author, while yarn.lock describes the last-known-good configuration for a given application.

Another point about this:

Depends about the type of the project:

  • Is your project an application? Then: Yes
  • Is your project a library? If so: No