Yes, we should commit yarn.lock and package-lock.json files into the project version control system.
Why we should commit yarn.lock or package-lock.json file?
The npm client or yarn client installs dependencies into the node_modules directory non-deterministically. This means that based on the order dependencies are installed, the structure of a node_modules directory could be different from person to person.
These differences can cause “everything works on my machine” type of issues. These types of issues usually take a longer time to trace.
One of the creators of Yarn says:
The package.json describes the intended versions desired by the original author, while yarn.lock describes the last-known-good configuration for a given application.
Another point about this:
Depends about the type of the project:
- Is your project an application? Then: Yes
- Is your project a library? If so: No