Hi there,
Good question!
Some disagreement exists on whether repos should include package-lock.json , but committing it does ensure greater consistency between the environments where it was created and the Netlify Build environment, so it is beneficial to commit it and push it, we think. While the package.json specifies the packages and builds generally, it often leaves some room for there to be slight differences between what the package.json recommends and what actually gets installed, as you are able to say “i want at least version 12.3 but higher would also be ok of $somePackage”. While in a perfect world all minor versions would play nice all the time, they don’t always, and this can cause some friction, sometimes.
The build env, like any other computer that clones the repo, can install the dependencies based on the package.json, but if there’s no package-lock.json it can’t guarantee eveything is on the same version.
Or put another way -
- Required? No, though not really because the build process creates one. More because
package.jsonhas the basic info we need. - Recommended? Depends on who you talk to, but it does help with inconsistencies across environments.
Let us know if you still have questions!