Always Version-Control Your Lock File

You miss the whole point of version control if you don't add your lock files (yarn.lock, package-lock.json, or composer.lock) to your repos. Think about it this way: there should be as few steps as possible between git checkout and a fully functional version of your app. It's totally acceptable to defer version-controlling lock files until a release is published, but whatever your version-control strategy is, it should include the lock files, for sure.

The same goes for build assets in public/build or a similar location. If you're doing the build in a CI/CD pipeline, that's fine. Just make sure there is a "source of truth" and an audit trail that verifies the assets are authentic. Version-controlling them with git is the perfect way to do it.

So remove yarn.lock from .gitignore, and don't look back.
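
A CI guard for the advice above, as an added example that is not part of the original post: it fails when a dependency manifest is present but none of its lock files is tracked by git, and names the .gitignore rule responsible. The function name check_lockfiles is hypothetical, and the manifest-to-lock-file pairs are limited to the three lock files the post names.

```shell
#!/bin/sh
# Added example: fail a pipeline when a manifest has no tracked lock file.
# Usage: check_lockfiles [repo_dir]   (hypothetical helper name)

check_lockfiles() {
    repo="${1:-.}"
    problems=0
    # "manifest:acceptable lock files" (a JS project may use either lock file)
    for pair in \
        "package.json:yarn.lock package-lock.json" \
        "composer.json:composer.lock"
    do
        manifest="${pair%%:*}"
        locks="${pair#*:}"
        [ -f "$repo/$manifest" ] || continue

        tracked=0
        for lock in $locks; do
            # ls-files --error-unmatch exits non-zero if the path is not in the index
            if git -C "$repo" ls-files --error-unmatch -- "$lock" >/dev/null 2>&1; then
                tracked=1
            fi
        done
        [ "$tracked" -eq 1 ] && continue

        echo "FAIL: $manifest has no tracked lock file (expected one of: $locks)" >&2
        problems=$((problems + 1))
        for lock in $locks; do
            # -v prints the ignore file, line and pattern that matched;
            # --no-index evaluates the rules without consulting the index
            if rule=$(git -C "$repo" check-ignore -v --no-index -- "$lock" 2>/dev/null); then
                echo "  ignored by: $rule" >&2
            fi
        done
    done
    [ "$problems" -eq 0 ]
}
```

Call it early in the pipeline, before dependencies are installed, so a missing lock file stops the build instead of being silently regenerated.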