undefined | Better HN

0 pointsstaticassertion5y ago0 comments

I don't know much about those projects, but why did this break them? Are they not pinning versions?

0 comments

Because they are starting a new project from scratch and would have nothing to pin their dependencies against?

Maybe I'm misunderstanding how those projects work. From what I recall, they generate a project, including the package.json. So I'm not sure why they couldn't just generate the package.json with pinned versions?

I don't write much JS, and have only used create-react-app just a few times, so feel free to explain why this isn't possible.

mikewhy5y ago

package.json only lists top-level dependencies. package-lock.json tracks all dependencies, and dependencies of dependencies. is-promise is one of those dependencies of a dependency, which you don't have much control over.

2 more replies

j / k navigate · click thread line to collapse