Yes, it can and will affect all the project in really bad way.
if your team does not run npm install
after each git pull
you all are using different dependencies' versions. So it ends with "but it works for me!!" and "I don't understand why my code does not work for you"
even if all the team runs npm install
it still does not mean everything is ok. at some moment you may find your project acts differently. in a part that you have not been changing for years. and after (probably, quite painful) debugging you will find it's because of 3rd level dependency has updated for next major version and this led some breaking changes.
Conclusion: don't ever delete package-lock.json
.
Yes, for first level dependencies if we specify them without ranges (like "react": "16.12.0"
) we get the same versions each time we run npm install
. But we cannot say the same about dependencies of 2+ level deep (dependencies that our dependencies are relying on), so package-lock.json
is really important for stability.
In your case you better do next way:
- fix conflicts in
package.json
- run
npm install
As easy as it looks. The same to yarn - it fixes lockfile conflict on its own. The only requirement here to resolve all the conflicts in package.json
beforehand if any.
Per docs npm will fix merge conflicts in package-lock.json
for you.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…