why-oh-why | 6 years ago

What’s the point of reproducibility in your team but not with your users (which is by definition the most common use case)?

Libraries should skip lockfiles because they are ignored by the end user and therefore any testing you do based on them helps no one.

I’ve had lockfiles being broken for no reason* so if you can avoid them, do.

* For example, multiple versions of the same package were installed after several install/updates, but nuking the lock would avoid this issue and solve the problems it caused.

viraptor | 6 years ago

> any testing you do based on them helps no one.

Counterexample: they help PR authors.

With a lockfile - CI fails which means the issue is most likely in the change.

Without a lockfile - CI fails which means the issue is with the change, or the new dependencies, or the distribution of the new dependencies, or...

Ideally testing new changes and updating deps are two completely separate processes.