New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should I need to put yarn.lock in .gitignore? #1583
Comments
You should add yarn.lock to your git, don't ignore it. See https://yarnpkg.com/en/docs/migrating-from-npm
|
Just to be clear - this also applies to libraries as well and not just applications, because opposite to Is this correct? |
@goenning |
* Create README.md * Check yarn.lock into git: yarnpkg/yarn#1583 * Rename React Native component
Also, if you have preauthenticated npm registry, e.g. myget which proxies to npm, |
* Create README.md * Check yarn.lock into git: yarnpkg/yarn#1583 * Rename React Native component * Added custom native module and sample native activity * Updated README.md; added clipboard support; improved layout. * Removed some unused files
@Pfeifenjoy what if you link to private packages using git submodule instead of npm? |
@beenotung I am not a big fan of using git as a dependency manager, because it is very slow, does not resolve dependencies the way I want them to be resolved and in my opinion it is best to have every dependency in one manager. Also the dependency I am referencing will all (not only my own projects) get a different address, because they are saved in my local sinopia account. It would be very tedious to reference all node modules which my projects depends on in git. |
@Pfeifenjoy Is there possibly a conflict in what you want yarn to do? If you want to provide a way to make sure other installations have your dependencies, include it- it's performing as intended. If you're pulling in private repos and sources, you ought to be very cautious about how you share your code per-say, in the same way that you specifically would ignore any keys or salts from a repo (if you want to see a warning on the project readme, I'd make a feature/pull request). Possibly yarn should give a warning when run alerting a user that access to an authenticated source has been included in the lock file, but again, that would be a feature request. |
@thisolivier sounds reasonable |
I disagree with the most upvoted comment here: • if the project uses npm, commit That is, you should not always commit yarn.lock to the repo, and to answer OP's question, yes you might want to add it to
First off, no it won't - only if you're only ever using the public npm registry. Worse if you're not authed to your private org in yarn, (even if you still are in npm), and a package of the same name exists in the public registry, it'll just install the wrong one with no prompt. It would be confusing why your yarn is installing with no errors, yet the app doesn't work when using yarn yet it does when using npm. Secondly, many codebases don't use yarn. It's not a matter of "when they switch over to yarn". Almost all my node services & basic web servers use npm with no plans to move to yarn. I do like yarn with React, that's about it. As @Pfeifenjoy mentioned above:
^ Another thing, even when you solve it locally, you have to incorporate the solution into the yaml or whatever config for CI & anywhere else you spin up the app - some kind of logic that can tell when to use which registry and which command - sounds annoying and unnecessary Another thing - if you encourage everyone to always commit |
Suggest adding `yarn.lock` to the .gitignore file. See discussion here for more details: yarnpkg/yarn#1583
Reason to manage yarn.lock file in git: yarnpkg/yarn#1583
Hey Folks, yarn/package lock files should only be committed
|
No description provided.
The text was updated successfully, but these errors were encountered: