Jump to content

What is package-lock.json for?

Recommended Posts

I am preparing to manually upgrade WHMCS from 7.2.3 to 7.5.1. Looking at the new files in 7.5.1 I find a new file named package-lock.json directly in public_html. What is that file for? Is it added there by a mistake? Can I delete it?

Link to comment
Share on other sites

  • 3 weeks later...
  • 1 month later...
On 6/21/2018 at 1:22 PM, WHMCS John said:

Hi @ditto,

You should already have a package-lock.json file if you're running 7.2.3.

This file is part of javascript package management, it is required, and should be left in place.

Are you sure about this John? There is no reason why this should be left in your online server as far as I'm aware on other softwares. That file is the Node JS output on the developer machine while generating source files. People are not running Node JS on their WHMCS servers so its useless. Of course I might be completely wrong but I'm curious why its advised leaving that redundant config file in place on a live production installation (not development system).

The less information you are giving attackers about the files running on a WHMCS installation the better. Listing all the versions to the whole world on what you are using seems like a bad idea.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated