Yarn.lock 이란?

https://stackoverflow.com/questions/39990017/should-i-commit-the-yarn-lock-file-and-what-is-it-for

Should I commit the yarn.lock file and what is it for?

What is yarn.lock?

It is a file that stores the exact dependency versions for your project together with checksums for each package. This is yarn's way to provide consistency for your dependencies.

To understand why this file is needed you first need to understand what was the problem behind original NPM's package.json. When you install the package, NPM will store the range of allowed revisions of a dependency instead of a specific revision (semver). NPM will try to fetch update the dependency latest version of dependency within the specified range (i.e. non-breaking patch updates). There are two problems with this approach.

1. Dependency authors might release patch version updates while in fact introducing a breaking change that will affect your project.

2. Two developers running npm install at different times may get the different set of dependencies. Which may cause a bug to be not reproducible on two exactly same environments. This will might cause build stability issues for CI servers for example.

Yarn on the other hand takes the route of maximum predictability. It creates yarn.lock file to save the exact dependency versions. Having that file in place yarn will use versions stored in yarn.lock instead of resolving versions from package.json. This strategy guarantees that none of the issues described above happen.

yarn.lock is similar to npm-shrinkwrap.json that can be created by npm shrinkwrap command. Check this answer explaining the differences between these two files.

대충 이런 내용인것 같다

package.json에는 npm이 관리하는 패키지들이 적혀있다. 그리고 거기에 적힌 패키지들은 각자 여러 버전을 갖고 있을것이다. 근데 A라는 패키지와 B라는 패키지는 서로 호환되는 버전이 있을것이다. 예를들어 A는 1.0.0 B는 1.3.0을 사용할때 서로 사용이 가능한것이다. 좀 더 나아가서 A가 1.0.0일때 B가 1.0.0 ~ 1.3.0 버전까지 사용가능하다. 뭐 이런 범위 지정까지 가능한것같다.

 

이런 패키지간의 호환가능(?) 버전에 대한 정보가 담긴것이 yarn.lock이라는 파일안에 적히는것같다.