Should project.lock.json file be checked into source control? (ASP.NET Core 1.0)
Using ASP.NET Core 1.0, is it best practice to check in the project.lock.json file into source control?
Short answer: No, project.lock.file should not be checked into source control - you should configure the version control system to ignore it (i.e. add it to .gitignore if you're using git). Long answer: The project.lock.json contains a snapshot of project's whole dependency tree - not just packages listed in "dependencies" sections, but also all resolved dependencies of those dependencies, and so on. But it is not like ruby's Gemfile.lock. Unlike Gemfile.lock, project.lock.json doesn't tell dotnet restore which exact versions of packages should be restored - it simply gets overwritten. As such, it should be treated like a cache file and never be checked into source control. If you check it into version control, then most probably on other machine: dotnet will think that all packages are restored, but in fact some packages might be missing and the build will fail, without hinting the developer to run dotnet restore project.lock.json will be overwritten during dotnet restore and in most cases will be different than the version stored in source control. So it will be modified in almost every commit project.lock.json will cause conflicts during merge
No, it is just a lock file, really you should never check it in when a lock file exists (except if the program who locked it wants to check it into source control, in that case, exclude your lock file!).
Actually you do want to commit your project.lock.json in git sometimes. Checking your project json For the exact reasons that, it shows you the dependencies you have used. Say: Me as a developer works on an application, i hate every time updating packages so i add a package dependency to nuget package X = 1.* I restore package i get version 1.2.4 The package maker just made a very stupid mistake, he broke something while just trying to make a fix and release 1.2.5 Person 2 checks out (or even worse release build kicks in). Person 2 restores and gets version 1.2.5 Person 2 runs your application and find the application is broken. Person 2 starts debugging and thinks there must be a bug in the software. At this step 7 Person 2 could have seen in git that his lock file was changed and a newer version of a library has been downloaded, Which has not been tested by any of the other developers! Downsides Downsides of checking in this file is you might get allot of merge conflicts on continues updates of packages. Alternative solution Use only hard version dependencies (this is quite hard though for nuget). And only manually update to newer version once in a while. Downsides This doesn't work if you build a library for other people to use, since you pin them to a certain version of your dependencies. Dependencies of dependencies still get resolved automatically so if you don't specify them yourself you can't guarantee there version on dotnet restore Conclusion If you want to avoid 'Works on my machine' quotes and the hell of constantly manually updating to newer version: Checking the project.lock.json. And also build a CI/Release build check to test if this file wasn't changed compared to git, before you release (If your software is very critical)! If this is not a problem and also automatically updating (to a potentially broken package) is not a big problem, you might not want to commit your project.lock.json.
How to create a WIX installation for ASP.NET WebSites?
Does output cache in ASP.net takes the fragment into consideration
Different output cache timeout for different usercontrols
asp.net: what's the page life cycle order of a control/page compared to a user contorl inside it?
Adding classic code behind asp.net page to asp.net mvc 3
Asp.Net difference between doPostBack & DoPostBackWithOptions
Visualize the traces written after or before a page cyclelife in asp.net
RAD Editor Dialogs Failing with UrlRewritingNet (Telerik KB Article: “Web.config registration missing!” not helpful)
How to apply stylesheet in our user control
how to collect json data in asp.net web page
How to resolve error while implementing DES encrypt/decrypt in asp.net?
URL link in SQL DIRECT
How to create an RSS feed in ASP.NET 3.5?
Using Web.Config Active Directory Connection String
Compiler Error Message: CS0433: The type 'MasterPage' exists in both 'c:\~\App_Web_ogmril5q.DLL' and 'c:\~\App_Web_ogmril5q.DLL'
how to insert data in to grid view using asp.net without database