Should I add this generated file to my .gitignore so that it doesn't show up in my repository?
Should pubspec.lock be included in my repository?
For application packages, we recommend that you commit the pubspec.lock file. Versioning the pubspec.lock file ensures changes to transitive dependencies are explicit.
Every pub package needs some metadata so it can specify its dependencies. Pub packages that are shared with others also need to provide some other information so users can discover them. All of this metadata goes in the package's pubspec: a file named pubspec.yaml that's written in the YAML language.
You shouldn't store credentials like usernames, passwords, API keys and API secrets. If someone else steals your credentials, they can do nasty things with them.
This answer has two parts, similar to the question and answer in this question about Ruby Bundler.
If you are working on an application package, then you should keep the pubspec.lock file in your repository as a snapshot of your dependencies.
From the Pub glossary:
Application packages should check their lockfiles into source control, so that everyone working on the application and every location the application is deployed has a consistent set of dependencies.
However, if you are working on a library package, then you should not check in the lockfile.
From the Pub glossary:
Library packages should not check their lockfile into source control, since they should support a range of dependency versions.
See also the Pub glossary entry for lockfiles.
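The point above that a committed pubspec.lock makes transitive dependency changes explicit can be checked in review with a small lockfile comparison. This is an added example, not code from the answer or from the pub tool; the function names and the abridged sample lockfiles (including their version numbers) are constructed for illustration, and the reader handles only the indentation layout pub writes, not general YAML.

```python
def parse_lock(text):
    """Return {package: (version, dependency_kind)} from pubspec.lock text."""
    packages, current, in_packages = {}, None, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        value = value.strip().strip('"')
        if indent == 0:                      # top-level section: packages, sdks
            in_packages = key == "packages"
        elif in_packages and indent == 2:    # a package name
            current = key
            packages[current] = {"version": None, "dependency": None}
        elif in_packages and indent == 4 and key in ("version", "dependency"):
            packages[current][key] = value   # deeper lines (description) are skipped
    return {n: (f["version"], f["dependency"]) for n, f in packages.items()}

def lock_changes(old_text, new_text):
    """List (package, old_version, new_version, dependency_kind) for each change."""
    old, new = parse_lock(old_text), parse_lock(new_text)
    changes = []
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name), new.get(name)
        if before != after:
            kind = (after or before)[1]
            changes.append((name, before and before[0], after and after[0], kind))
    return changes

# Constructed, abridged lockfiles; real ones carry more fields per package.
OLD_LOCK = """\
packages:
  http:
    dependency: "direct main"
    description:
      name: http
      url: "https://pub.dev"
    version: "1.1.0"
  http_parser:
    dependency: transitive
    version: "4.0.2"
sdks:
  dart: ">=3.0.0 <4.0.0"
"""
NEW_LOCK = OLD_LOCK.replace('"4.0.2"', '"4.1.0"').replace(
    "sdks:", '  typed_data:\n    dependency: transitive\n    version: "1.3.2"\nsdks:')

if __name__ == "__main__":
    for name, old_v, new_v, kind in lock_changes(OLD_LOCK, NEW_LOCK):
        print(f"{name}: {old_v} -> {new_v} ({kind})")
```

Neither reported change would appear in a diff of pubspec.yaml, which is why the lockfile has to be in the repository for a reviewer to see them.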