Sorry Python but it is what it is.

bjorney
link
fedilink
-11Y

How is it not a lock file?

package.json doesn’t contain the exact version number of all downstream dependencies, this does

Lockfile contains exact state of the npm-managed code, making it reproducible exactly the same every time.

For example without lockfile in your package.json you can have version 5.2.x. In your working directory, you use 5.2.1, however on repo, 5.2.2 has appeared, matching your criteria. Now let’s say a new bug appeared in 5.2.2.

Now you have mismatched vendor code, that can make your code behave differently on your machine, and your coworker’s machine, making you hunt for bug that wasn’t even on your side.

Lockfile prevents that by saving an actual state of vendor code.

bjorney
link
fedilink
11Y

Yes, which is EXACTLY like a pip freeze’d requirements.txt, storing the exact version of every package and downstream dependency you have installed

Create a post

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

  • Posts must be relevant to programming, programmers, or computer science.
  • No NSFW content.
  • Jokes must be in good taste. No hate speech, bigotry, etc.
  • 1 user online
  • 77 users / day
  • 211 users / week
  • 413 users / month
  • 2.92K users / 6 months
  • 1 subscriber
  • 1.53K Posts
  • 33.8K Comments
  • Modlog