Deno Lockfiles

[lishaduck]

Describe the enhancement

I noticed that deno.lock isn't marked as generated. As I looked at the source code for marking things as generated, I wondered if there's a reason for individualizing marking each ecosystem? Given that .lock feels pretty standard now, would it be possible to autodetect any lockfile, including deno.lock?
Alternatively, could y'all add deno.lock/would y'all be open to contributions for it?

[lildude]

I wondered if there's a reason for individualizing marking each ecosystem? Given that .lock feels pretty standard now, would it be possible to autodetect any lockfile, including deno.lock?

Yes, because not everyone wants their lock files marked as generated as is the case with yarn.lock following the discussion in #4348

Alternatively, could y'all add deno.lock/would y'all be open to contributions for it?

We're happy to accept a PR, but keep in mind the yarn community's decision; maybe the demo community expects the same?

[lishaduck]

I wondered if there's a reason for individualizing marking each ecosystem? Given that .lock feels pretty standard now, would it be possible to autodetect any lockfile, including deno.lock?

Yes, because not everyone wants their lock files marked as generated as is the case with yarn.lock following the discussion in #4348

Ah, yes. I recall seeing that. That makes a lot more sense now.

Alternatively, could y'all add deno.lock/would y'all be open to contributions for it?

We're happy to accept a PR, but keep in mind the yarn community's decision; maybe the demo community expects the same?

Given the differences between PnP and HTTPS imports, and particularly that much of the ecosystem doesn't use lockfiles (as esm.sh messes them up), I don't think that Yarn's security argument applies here.