- From: Domenic Denicola <notifications@github.com>
- Date: Mon, 07 Apr 2025 21:05:27 -0700
- To: whatwg/webidl <webidl@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 8 April 2025 04:05:31 UTC
domenic left a comment (whatwg/webidl#1482) For streams we've gotten away with gitignoreing package-lock.json. I think this has been a reasonable tradeoff. Our builds are not very reproducible anyway due to always using the latest version of Bikeshed. And if you commit a package-lock.json then you constantly get security alerts for transitive dependencies being outdated. So, I'd be up for gitignoreing package-lock.json in general for spec repositories. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/webidl/issues/1482#issuecomment-2785166088 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/webidl/issues/1482/2785166088@github.com>
Received on Tuesday, 8 April 2025 04:05:31 UTC