I’ve read the documentation on Yarn, and I know the
lock file is supposed to be committed to VC. See this and which explains at a high-level why the lock file is necessary, and this which lists a bunch of commands without much explanation of what they actually do!
I’ve also read a lot of questions on SO which asks about whether the
lock file should be committed to VC.
However, all the documentation and SO threads seems to overlook the detail that I want to know, which is the following; What is the correct procedure (the correct bunch of commands to run) for:
- Updating the
yarn.lockfile when I need to (i.e. in the development environment where I want to pull the latest minor versions and update the
lockfile to reflect this)
- For keeping my lock file in synch with other developers to ensure that they are developing/testing from the exact same dependency versions, and
- For updating/re-synching the
node_modulesdirectory on the production server (i.e. to ensure that the production server isn’t running on a different/breaking version of dependant packages)
I ask partly because in the past while doing a
git pull on the server, I’ve faced messages telling me that the
yarn.lock file has been updated independently of the development/VC process. As far as I’m concerned, this should never be allowed to happen.