add yarn.lock to .gitignore

[viankakrisna]

I'm often cleaning my node_modules and reinstall it with yarn, and i notice that it always creates a new yarn.lock file. I think we should decide wether we want yarn.lock on the root of this project or not.

If we want to add it it, i'll close this and do #2012 instead.

[yordis]

IMO, the actual fix is adding the yarn.lock to the project.

[straku]

Yes, @yordis is right. Check out corresponding section in yarn documentation. https://yarnpkg.com/en/docs/yarn-lock#toc-check-into-source-control

[gaearon]

IMO, the actual fix is adding the yarn.lock to the project.

It is the right thing to do for apps but not for us (tools) because we want any problems with downstream deps to be caught by our CI.

I'm often cleaning my node_modules and reinstall it with yarn, and i notice that it always creates a new yarn.lock file

I was about to merge it, but then realized in this case yarn.lock would stay on your computer forever, and then CRA developers would potentially get locked on different tool versions. This will make it harder to diagnose problems in development. So I'd rather leave with it untracked.

There's likely some way to run yarn without creating a lockfile. That's what you should do when working on CRA.

[jdickey]

@gaearon To install without generating a yarn.lock, run yarn install --no-lockfile.

I'd also argue that we should consider adding --prefer-offline to pull packages from cache instead of downloading on each install. Thoughts?

[gaearon]

For CRA development, I want the latest versions so when deps introduce bugs, we can quickly see and fix them.

[viankakrisna]

@gaearon nice catch! maybe we should add in CONTRIBUTING.md for yarn users that they should do yarn install --no-lockfile

@jdickey thanks for the tip!