refactor: Remove lockfiles

[stephenmathieson]

Keeping package-lock.json files here causing contributor problems and prevents CI from testing with the latest versions of our dependencies. They provide no value, so they're being removed.

[colinrotherham]

@stephenmathieson Thanks for looking at this

Lerna now recommends using workspaces if that's easier?

useWorkspaces & packages​

Since Lerna was created, all major package managers (npm, yarn, and pnpm) have added the ability to cross-link packages in the same repo and dedupe node modules. If you'd like Lerna to delegate this process to the package manager you use, set useWorkspaces: true in lerna.json.

Lots of benefits such as:

1. Project level package-lock.json only
2. Project level npm audit works again
3. Much faster install (including npm ci)

With lerna bootstrap being deprecated you'll find lerna link isn't needed either (npm does it instead)

Lerna config

Add { "useWorkspaces": true } to let npm install/link/hoist dependencies

npm config

Add { "workspaces": [] } so npm starts managing child dependencies

"workspaces": [
  "packages/*",
  "packages/react/examples/*",
  "packages/webdriverjs/tests/example",
  "axe_core_test"
],

[stephenmathieson]

@colinrotherham Thanks for the information. However, the idea here is to remove the lockfiles entirely. They only make work work for us.

[colinrotherham]

@stephenmathieson Ah so even a single project lockfile is too much?

Don't worry

[straker]

Closed via switching to npm workspaces #687. If we still feel the package-lock file presents a problem, we should open an issue to discuss it.