Ensure yarn integrity check it performed when compiling a vendor DLL
The following discussion from !18407 (merged) should be addressed:
-
@pslaughter started a discussion: (+4 comments) question (non-blocking): Why include
./package.json
if we have./yarn.lock
? Isn't./yarn.lock
the source of truth for what dependencies are used? Or is it possible we need to be dependent on thescripts
in./package.json
?One minor thing to be aware of... it could actually cause hash changes if
package.json
andyarn.lock
is updated manually withoutyarn
(i.e. a simple bump inunderscore
). This would cause the vendor assets generated to be stuck in an old version even afteryarn
is ran.