
Lock file missing

A lock file is used to lock down dependencies across projects, to ensure production uses the same dependency versions.

CheckId SPF050103
TypeName LockFileMissing
Severity Error
Type Project

Include a lock file that lists all dependencies for your project.

Many Node packages use version ranges in their dependencies list. As a result, restoring dependencies at two different points in time can produce different binaries, which can lead to inconsistencies across deployments. A lock file records the exact version of every dependency, ensuring consistency across all deployments.

How you create a lock file depends on the package manager you're using and its version. If you use an npm version older than 5, you can use the npm shrinkwrap command. npm@5 and Yarn create a lock file automatically when adding packages or restoring dependencies.

To suppress this violation in XML SharePoint code, add the following comment right before the XML tag that causes the rule violation. Learn more about SuppressMessage here.

<!-- "SuppressMessage":{"rule":"SPF050103:LockFileMissing","justification":"Provide reason for suppression here"} -->
Disclaimer: The views and opinions expressed in this documentation and in SPCAF do not necessarily reflect the opinions and recommendations of Microsoft or any member of Microsoft. SPCAF and RENCORE are registered trademarks of Rencore. All other trademarks, service marks, collective marks, copyrights, registered names, and marks used or cited by this documentation are the property of their respective owners.