With a proper `package-lock` and `nvm` i picked up 3 or 4 year-old projects, installed everything with one `npm install`, made my changes and never faced a problem.
Edit: I remember facing one issue with `node-gyp` but that was just a poor choice of packages that were trying to be too native.
To counterbalance that anecdote, I have never picked up a JavaScript project more than a year old and not have to mess with the build system or package versions in order to deploy some small update.
I just picked up a project after 2 years. When i left it, eveything worked fine. Npm run and it spun right up.
Today, nothing works, module resolution problems everywhere. It's going to take me days of fixing the build system now just to get the initial compile working again.
Your host might eventually drop the Node version you are running on, and then the house of cards come crashing down. You might have a dependency that doesn't support the new Node version you need to run.
This is why I build my personal projects in PHP even though I'm not really a fan. I use PHP and JQuery. It'll work basically forever and I can come back to it in 15 years and it'll still work.
It's still great for a lot of things. It's not necessary now but you still write way less code with it and it's got a ton of functions that there are no implementations of in the browser.
Plus you basically get it for free because it's browser cached because 75% of the sites out there are using it.
That's mostly why!, you need to have installed something. If you don't use a build step you don't even need nodejs, your browser is your only dependency.
They were being pedantic, in that `package-lock` is a thing, and `package.lock` (which is the comment originally said) doesn't. Because apparently a typo invalidates whatever experience you have.
You seem to have missed that my comment was a response to pedantry. It was not, in itself, an attempt at pedantry, let alone pedantry unprovoked.
If someone writes a comment intended to come across as knowledgeable about something (NB: in service of trying to downplay the experience of others, including the person they are responding to), but their self-report gets something as wrong as referring to package-lock.json as "package.lock", which is in the ballpark, but far enough off to be weird, then it raises questions about just how much experience they actually have with that thing (including and especially relative to the person they were trying to contradict).
With a proper `package-lock` and `nvm` i picked up 3 or 4 year-old projects, installed everything with one `npm install`, made my changes and never faced a problem.
Edit: I remember facing one issue with `node-gyp` but that was just a poor choice of packages that were trying to be too native.