I put pnpm-lock.yaml into .gitignore, so there's never a conflict.
I often build libraries rather than applications, so that I should ensure my package.json contains the proper version constraints, because the dependents of my libraries would not consider what's in my lockfiles.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I put pnpm-lock.yaml into .gitignore, so there's never a conflict.
I often build libraries rather than applications, so that I should ensure my package.json contains the proper version constraints, because the dependents of my libraries would not consider what's in my lockfiles.