why-absence-of-lockfiles-doesnt-help-consumers.md

Why the absence of lockfiles doesn't help consumers

  1. You build a library: thewesley.
  2. It has no lockfile.
  3. It has a prod dep: baby-yoda@~1.0.0.
  4. You publish thewesley@1.0.0 and test that it works well with baby-yoda@1.0.0.
  5. It’s Dec 30: you’re on your honeymoon.
  6. It’s Dec 31: baby-yoda publishes an incompatible version, 1.0.1.
  7. It’s Jan 1st: I install thewesley@1.0.0.
  8. It’s Jan 1st: I’m frustrated that thewesley is broken.
  9. It’s Jan 2nd: you don’t know that I’m frustrated until I open an issue, until you manually run “npm install”, or until someone triggers a CI run or pull request on your project that verifies it.
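To make the timeline concrete, here is an added illustration (not code from the gist) that models how `npm install` resolves the `~1.0.0` range against whatever the registry holds on a given day, and why only the installing project's own lockfile pins the result. Package names follow the gist; the publish dates, the years, and the `resolve`/`timeline` helpers are constructed for the example.

```javascript
// Constructed registry state: which baby-yoda versions exist and when they
// were published (years are assumed; the gist only gives month and day).
const REGISTRY = {
  'baby-yoda': [
    { version: '1.0.0', published: '2019-12-01' },
    { version: '1.0.1', published: '2019-12-31' }, // the incompatible release
  ],
};

const parse = v => v.split('.').map(Number);

function compareVersions(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// "~1.0.0" means >=1.0.0 <1.1.0: new patch releases are accepted automatically.
function satisfiesTilde(range, version) {
  const [rMaj, rMin, rPat] = parse(range.slice(1));
  const [maj, min, pat] = parse(version);
  return maj === rMaj && min === rMin && pat >= rPat;
}

// What `npm install` picks for `range` on `date`. `consumerLock` stands for the
// installing project's own package-lock.json. `libraryLock` stands for a
// lockfile committed in the dependency's repo: npm does not read a
// dependency's package-lock.json (a published npm-shrinkwrap.json is the
// exception), so it is accepted here only to show that it has no effect.
function resolve(name, range, date, { consumerLock = {}, libraryLock = {} } = {}) {
  void libraryLock; // deliberately ignored, mirroring npm's behaviour
  if (consumerLock[name]) return consumerLock[name];
  return REGISTRY[name]
    .filter(r => r.published <= date && satisfiesTilde(range, r.version))
    .map(r => r.version)
    .sort(compareVersions)
    .pop(); // highest matching version available on that date
}

// Replays the gist's timeline for thewesley's dependency on baby-yoda@~1.0.0.
function timeline() {
  const range = '~1.0.0';
  return {
    authorTestedOn: resolve('baby-yoda', range, '2019-12-30'),
    consumerGetsOn: resolve('baby-yoda', range, '2020-01-01',
      { libraryLock: { 'baby-yoda': '1.0.0' } }),
    consumerWithOwnLock: resolve('baby-yoda', range, '2020-01-01',
      { consumerLock: { 'baby-yoda': '1.0.0' } }),
  };
}
```

Even with the library's lockfile present, the consumer installing on Jan 1 receives 1.0.1; only the consumer's own lockfile holds the install at 1.0.0.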