re: Stop tracking and start ignoring VIEW POST


You should not ignore package.json, it is a key file shared between all the developers defining package dependencies. You should ignore build artefacts and installed dependencies and user specific configuration files such as IDE configuration, that is specific to a single user. Note that some IDE config files you don't want to ignore such as build configurations because they're the same for the whole team.


Wow! Thank you so much for your valuable comments everyone. But, in my defense I want to make it clear why I talked about deleting package.json and Gemfile.lock files.

  1. I said I deleted the package.json file because, The project was my personal static website hosted on GitHub pages. I used gulp as a dev dependency and to me it was never needed to be on the repo since I use a single machine for development.
  2. I talked about me deleting the Gemfile.lock file because, my blog is also hosted on GitHub pages and is rendered with Jekyll. So, I do not know the consequences of keeping the file in the repo which is deployed in an environment which I don't have control of.

Thank you all again for pointing out the importance of package.json, package-lock.josn, Gemfile and Gemfile.lock files being in the repo 🙂


This is true.

package.json should exist in case one of your dependencies in package-lock.json is platform specific and package.json is used for finding a compatible version.


True. Also Gemfile and Gemfile.lock should be included for the same reason.


It's worth mentioning that both package.json and package-lock.json should be included in the repo. The first allows to install dependencies fresh, and the second one is necessary for the npm ci command, indispensable for any continuous integration setup. I've seen people who kept package.json but ignored the lockfile, and it did cause me problems a few times...

code of conduct - report abuse