0

While upgrading React library version is it advisable to push only package.json or to push package.json and package-lock.json both ?

Sk96
  • 73
  • 1
  • 7

2 Answers2

1

You should push both, no matter what you are upgrading. It is always recommended to push both package.json and package-lock.json into your source control. According to the npm docs on package-lock.json: (Bolding added by me)

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

This file is intended to be committed into source repositories, and serves various purposes:

  • Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.

  • Provide a facility for users to "time-travel" to previous states of node_modules without having to commit the directory itself.

  • To facilitate greater visibility of tree changes through readable source control diffs.

  • And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.

You can also see this answer for more information and discussion.

Adam D
  • 1,370
  • 1
  • 13
  • 29
0

both, because all packege.json module version are similar to package-lock.json

ganesh jee
  • 1
  • 5
  • no it's not same! package-lock.json has specific versions whereas package.json has versions with ~ and ^ which gives us flexibility to update package to recent minor version or major version respectively – Sk96 Aug 22 '18 at 06:18
  • yes you are write but when i update the version on package.json any depandency on third party it's also update the similar version of package-lock.json – ganesh jee Aug 22 '18 at 06:46