Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider dropping (yarn) lockfile #72

Closed
edorivai opened this issue Aug 29, 2023 · 1 comment
Closed

Consider dropping (yarn) lockfile #72

edorivai opened this issue Aug 29, 2023 · 1 comment
Labels
hint/good first issue Someone new could handle this

Comments

@edorivai
Copy link

From When Not to Use Lock Files with Node.js (twilio)...

Lock files are super useful if you build an application like a web server. However, if you publish a library or CLI to npm, lock files are never published. Meaning your users and you might use different versions of dependencies if you use lock files.

And given this recent report - it might be a good idea to drop internal usage of lockfiles, so that there's a better chance of catching bugs due to later versions of transitive dependencies.
@samkim samkim added the hint/good first issue Someone new could handle this label Jan 26, 2024
@tstirrat15
Copy link
Contributor

We went ahead and did this in #168. We'll also probably do it in authzed-py at some point. I appreciate you bringing it up!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
hint/good first issue Someone new could handle this
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@samkim @edorivai @tstirrat15