`package-lock.json` keeps being altered.See original GitHub issue
Every single pull request made by others contains a commit that shows the package-lock.json being altered. However, the user and creator of the pull-request hasn’t done anything or made any changes. I think it automatically updates things such as the version every time someone forks and clones, and adds changes.
EDIT: An easy solution would be to create a file named
.gitignore, and add the following content to it:
node_modules package-lock.json package.json
- Created 2 years ago
- Comments:14 (13 by maintainers)
Top GitHub Comments
Heyy @CodingSpecies , I digged into this issue and looks like this is intended by npm. Whenever you run a
npm install the package-lock.json file will get updated to have the newest version of dependencies. We have one possible solutions for this
- I’ve found that there will be a new version of npm 5.7.1 with the new command
npm ci, that will install from package-lock.json only ( Stack overflow ) [ This will fail the install if there are mismatch of versions in package and package-lock rather than update]
Any other possible solutions that you can add ?
Thanks all for he collaboration everyone 👍 yes the docs where not clear, but have now been improved
I will close this issue for now, if we need to re-open or create a new one in the future we can 🤓