Track and update both package-lock.json and yarn.lock

Hi, considering that Sage 9 officially uses Yarn as dependency manager, why GitHub repository also track the package-lock.json?

See this thread on Stack Overflow for further info.

Seems that the best approach is to track only the lock file used by the chosen dependency manager.

It’s not a big concern to update every time the yarn.lock and the package-lock.json to keep the consistency between the two lock files, but I don’t understand why I have to do this (useless) step.

As suggested in the linked thread, could I untrack and delete package-lock.json from projects repositories in our company (we only use Yarn) or there is any reason to keep it updated and tracked?

Thank you all in advance for the feedback! :slight_smile:

1 Like

I know there have been instances where Yarn doesn’t work on Windows, but NPM does.

I would say use the one you choose to use and remove the one that you don’t. Don’t worry about keeping them both up to date.

1 Like

Now I understand why. @knowler thank you so much for the feedback!

1 Like

@knowler: Have you tried WSL (Bash on Windows) on Windows? yarn should run very well on it.

Yes I have; it’s great.

I believe I had it set up for myself properly, but I haven’t needed to use Windows for the past few months. I had just remembered that one case (the topic I linked above).