[wopian]

npm's lockfile is a pain to diff in PRs because of the JSON format where what was maybe 20 changed lines in yarn is upwards of 80 from the brackets.

With YAML and whatever format yarn.lock was in, the only changed lines are changes to the version resolutions, hash and dependencies.

[donatj]

I'd say safely merging YAML diffs however could be trouble.

I don't know how restricted their YAML subset is, but in my experience it's so loose a format the only way to be sure YAML says what you think it says is to run it through a parser.

[DuskStar]

I think if you're merging lockfile diffs, you're doing something wrong! Merge the package.json diffs and regenerate the lockfile.

[tlrobinson]

Yarn automatically resolves conflicts in yarn.lock if you run "yarn": https://github.com/yarnpkg/yarn/pull/3544

[shados]

If you're regenerating lock files, you're losing all your locks for the stuff that didn't change, which can lead to unpredictable bugs.

Fortunately as someone else replied, both yarn and npm have safe and easy ways to resolve merge conflicts in their lock files.

[drodgers]

> safely merging YAML diffs however could be trouble

Yarn will actually do the merging automatically — if you have conflict markers in your lockfile, just running yarn will parse them along with the rest of the file and produce a new lockfile with the changes from both diffs (unless there's a genuine conflict).

I assume that this feature won't go away with the new lockfile format

[Vinnl]

I hope so, but that feature wasn't there from the start: https://github.com/yarnpkg/yarn/pull/3544

Hopefully they'll be able to re-use much of that work for the Yaml file.

[Vinnl]

They do say "subset of YAML", so presumably that can make it easier. And hopefully they'll keep handling this for you.

[smt88]

As a heavy Open API Spec user, I can tell you that YAML is a nightmare to diff.

[zbentley]

Diffability is not a great argument against YAML/for JSON IMO. Tools can usually handle that for you.

What is the largest concern about YAML is that truncated documents are almost always still valid documents. The likelihood of that happening compared to, say, a git merge gone wrong is much lower, but the consequences are likely much worse.

I don't have a strong opinion on structured data file format, but that's an issue with YAML that often goes unmentioned.

[reconbot]

If you run `npm install` again it does detect the conflict and resolve it. https://docs.npmjs.com/files/package-locks#resolving-lockfil... But in practice I haven't found any changes that have been untenable to understand with a diff.

[dickeytk]

resolving conflicts isn't why I read the diff (yarn resolves automatically anyways) it's so I can see what has changed