yarn.lock

為了在不同機器上得到一致的安裝結果, Yarn 需要比紀錄在 package.json 中的相依性要來的更多的資訊, Yarn 需要儲存每個相依性所安裝的確切的版本。

為了做到這點, Yarn 使用存放在專案目錄中的 yarn.lock。這些 “lockfiles” 看起來像這樣:

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
package-1@^1.0.0:
  version "1.0.3"
  resolved "https://registry.npmjs.org/package-1/-/package-1-1.0.3.tgz#a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"
package-2@^2.0.0:
  version "2.0.1"
  resolved "https://registry.npmjs.org/package-2/-/package-2-2.0.1.tgz#a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"
  dependencies:
    package-4 "^4.0.0"
package-3@^3.0.0:
  version "3.1.9"
  resolved "https://registry.npmjs.org/package-3/-/package-3-3.1.9.tgz#a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"
  dependencies:
    package-4 "^4.5.0"
package-4@^4.0.0, package-4@^4.5.0:
  version "4.6.3"
  resolved "https://registry.npmjs.org/package-4/-/package-4-2.6.3.tgz#a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"

這像是其它套件管理器如 Bundler 或 Cargo 所產生的鎖定檔,它也像 npm 的 npm-shrinkwrap.json,但它卻可以保證每次都產生一樣的結果。

Managed by Yarn

Your yarn.lock file is auto-generated and should be handled entirely by Yarn. As you add/upgrade/remove dependencies with the Yarn CLI, it will automatically update your yarn.lock file. Do not edit this file directly as it is easy to break something.

Current package only

During install Yarn will only use the top-level yarn.lock file and will ignore any yarn.lock files that exist within dependencies. The top-level yarn.lock file includes everything Yarn needs to lock the versions of all packages in the entire dependency tree.

Check into source control

All yarn.lock files should be checked into source control (e.g. git or mercurial). This allows Yarn to install the same exact dependency tree across all machines, whether it be your coworker’s laptop or a CI server.

Framework and library authors should also check yarn.lock into source control. Don’t worry about publishing the yarn.lock file as it won’t have any effect on users of the library.

See https://yarnpkg.com/blog/2016/11/24/lockfiles-for-all/.