Yarn lockfile should not be excluded from the repo

[hickscorp]

I randomly stumbled upon this repository and found an issue.

The yarn lockfile must be included in the repository, as it ensures that all dependencies and subdependencies are the same accross everyone's computers. That is why yarn was created in the first place to replace npm.

elm-webpack-starter/.gitignore

Line 5 in 039c6da

yarn.lock

The flow should be:

• Don't use NPM to install dependencies. Use Yarn instead.
• On the maintainer's computer, run yarn install.
• Commit yarn.lockfile to the repository.

This will ensure that everyone else have the exact same setup, allowing for easier tracking of bugs when they occur.

[mcmire]

If the README instructs people to run npm run reinstall, is it possible this project relies on NPM instead of Yarn? Maybe the authors just wanted to make things as easy as possible, or perhaps there's a specific reason.

[ryanolsonx]

Either way, there should be some sort of lock file. Maybe for acceptance we can have a package-lock.json as well. It's best practice to check the lock file in so that those who use the boilerplate have the exact versions of node_modules that a developer has while creating this and finding that things are working. As I worked on #68 and created a PR where I had to change package.json dependencies, I can fix this one too.