Previous attempt failed by design of `npm pack` / `npm publish`,
as documented at https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json :
> One key detail about package-lock.json is that it cannot be published,
> and it will be ignored if found in any place other than the toplevel
> package. It shares a format with npm-shrinkwrap.json, which is
> essentially the same file, but allows publication.
>
> This is not recommended unless deploying a CLI tool or otherwise using
> the publication process for producing production packages.
, and we are a CLI tool. Switching to shrinkwrap.
They were used a long time ago, then I scrapped them for simplicity to
new contributors. I'm re-considering this and re-introducing one, for
two (maybe three) reasons:
1. Reading on supply chain attacks
2. Build broken because of a dep change (see previous commit broken
because of a change in yargs @ 17.1.0)
(3.) Performance
It contains a weird mix of stuff and hides valuable files from view at the root of the repo. Better to have:
- Docs at the root
- Rest of the github/release-related hodgepodge (screenshots, scripts) in hidden folder .github
