Add "pinning" requirement for package dependencies to CONTRIBUTING.md.

2025-09-22 05:40:48 +02:00 · 2023-05-19 21:07:37 -07:00 · 2023-05-19 21:07:37 -07:00 · c277d6d482
commit c277d6d482
parent 81ba8f6f54
1 changed files with 6 additions and 0 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -17,6 +17,11 @@ Do not add new [`dependencies` to `package.json`][dependencies]. The Markdown
 parsers [`markdown-it`][markdown-it] and [`micromark`][micromark] are the
 project's only dependencies.

+Package versions for `dependencies` and `devDependencies` should be specified
+exactly (also known as "pinning"). The short explanation is that doing otherwise
+eventually leads to inconsistent behavior and broken functionality. (See [Pin
+your npm/yarn dependencies][pin-dependencies] for a longer explanation.)
+
 If developing a new rule, start by creating a [custom rule][custom-rules] in its
 own project. Once written, published, and tested in real world scenarios, open
 an issue to consider adding it to this project. For rule ideas, see [issues
@ -83,4 +88,5 @@ Thank you!
 [micromark]: https://www.npmjs.com/package/micromark
 [new-rule]: https://github.com/DavidAnson/markdownlint/labels/new%20rule
 [npm-scripts]: https://docs.npmjs.com/misc/scripts
+[pin-dependencies]: https://maxleiter.com/blog/pin-dependencies
 [rewriting-history]: https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History