We're using yarn for all our deterministic pkg installations but don't prevent the user from using npm - I'm guessing having both these files will cause issues however. S
Here's my rule of thumb: if you are working on an application, commit the lock file(s). If you are maintaining a library, add it to your ignored list. Either way you should be using accurate semver ranges in package.json. Yehuda Katz wrote a great explanation for when to commit Gemfile.lock (Ruby's lock file) and when not to. At least read the tl;dr section.