From f7ca48165d025e01c38698352cff24d1de87cc8b Mon Sep 17 00:00:00 2001 From: Brandon Mills Date: Sun, 17 Jan 2021 21:26:19 -0500 Subject: [PATCH] Docs: Explain why we disable lock files (refs eslint/tsc-meetings#234) (#14006) --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 73a30990e50..b7a9d18ad62 100644 --- a/README.md +++ b/README.md @@ -136,6 +136,16 @@ Once a language feature has been adopted into the ECMAScript standard (stage 4 a Join our [Mailing List](https://groups.google.com/group/eslint) or [Chatroom](https://eslint.org/chat). +### Why doesn't ESLint lock dependency versions? + +Lock files like `package-lock.json` are helpful for deployed applications. They ensure that dependencies are consistent between environments and across deployments. + +Packages like `eslint` that get published to the npm registry do not include lock files. `npm install eslint` as a user will respect version constraints in ESLint's `package.json`. ESLint and its dependencies will be included in the user's lock file if one exists, but ESLint's own lock file would not be used. + +We intentionally don't lock dependency versions so that we have the latest compatible dependency versions in development and CI that our users get when installing ESLint in a project. + +The Twilio blog has a [deeper dive](https://www.twilio.com/blog/lockfiles-nodejs) to learn more. + ## Releases We have scheduled releases every two weeks on Friday or Saturday. You can follow a [release issue](https://github.com/eslint/eslint/issues?q=is%3Aopen+is%3Aissue+label%3Arelease) for updates about the scheduling of any particular release.
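Review bot: The third added paragraph ("We intentionally don't lock dependency versions so that we have the latest compatible dependency versions in development and CI that our users get ...") is hard to parse and states only the benefit of the choice, not what it costs. Suggest rewording it along the lines of "so that development and CI install the latest compatible dependency versions, as our users do when installing ESLint in a project", and adding one sentence on the consequence: without a lock file, development and CI installs are not pinned, so any newly published dependency release that satisfies the ranges in `package.json` is picked up on the next install, whether it is a fix, a regression or a tampered release. In the second added paragraph, "`npm install eslint` as a user will respect version constraints" would read better as "When a user runs `npm install eslint`, npm respects the version constraints in ESLint's `package.json`".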