DEV Community

Discussion on: When not to use package-lock.json

Kyle Brown

The solution for the stated problem is not not using lock files. It should be choosing pinned dependencies vs ranges.

Jordan Harband

No, it's not, because pinning dependencies doesn't pin their dependencies. The only way to do this properly in an application is with a lockfile (NOT pinning anything). The only way to do this properly in a package is to use ^, always.
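The point made in the reply above, that pinning a direct dependency still leaves its own dependencies free to float and that only a lockfile freezes the whole tree, can be shown with a toy resolver. The code below is an added example and is not from this thread, from npm, or from any project mentioned here; the package names `foo` and `bar`, the two registry snapshots, and the flat name-to-version "lockfile" shape are all constructed for illustration, and the semver handling covers only exact versions and caret ranges, not npm's full range grammar.

```javascript
// Added example, not from the thread: a toy npm-style resolver that shows
// why pinning a direct dependency does not pin transitive dependencies.
// Only exact versions ("1.2.3") and caret ranges ("^1.2.3") are supported.

// Constructed registry snapshots. Each package maps version -> its own
// declared dependency ranges. On "day 2" the bar maintainer has published 1.2.0.
const registryDay1 = {
  foo: { "1.2.3": { bar: "^1.0.0" } },
  bar: { "1.0.0": {}, "1.1.0": {} },
};
const registryDay2 = {
  foo: { "1.2.3": { bar: "^1.0.0" } },
  bar: { "1.0.0": {}, "1.1.0": {}, "1.2.0": {} },
};

function parseVersion(v) {
  return v.split(".").map(Number);
}

// Numeric semver comparison: negative, zero or positive like a comparator.
function compareVersions(a, b) {
  const [a1, a2, a3] = parseVersion(a);
  const [b1, b2, b3] = parseVersion(b);
  return a1 - b1 || a2 - b2 || a3 - b3;
}

// Does `version` satisfy `range`? Caret keeps the leftmost non-zero component
// fixed: ^1.2.3 allows >=1.2.3 <2.0.0, ^0.2.1 allows >=0.2.1 <0.3.0.
function satisfies(version, range) {
  if (range.startsWith("^")) {
    const base = range.slice(1);
    if (compareVersions(version, base) < 0) return false;
    const [bMajor, bMinor] = parseVersion(base);
    const [vMajor, vMinor] = parseVersion(version);
    if (bMajor > 0) return vMajor === bMajor;
    return vMajor === 0 && vMinor === bMinor;
  }
  return compareVersions(version, range) === 0;
}

// Without a lockfile the resolver takes the highest published version that
// satisfies the range, so the answer depends on when you run the install.
function pickHighest(name, range, registry) {
  const candidates = Object.keys(registry[name] || {}).filter((v) =>
    satisfies(v, range)
  );
  if (candidates.length === 0) {
    throw new Error(`no version of ${name} satisfies ${range}`);
  }
  return candidates.sort(compareVersions).pop();
}

// Resolve an application's dependencies into a flat name -> version map.
// If a lockfile (same shape) is given, its versions win, but are still
// checked against the declared ranges so a stale lock cannot smuggle in
// a version nobody asked for.
function resolve(appDeps, registry, lockfile = null) {
  const tree = {};
  const visit = (name, range) => {
    let version;
    if (lockfile && lockfile[name]) {
      version = lockfile[name];
      if (!satisfies(version, range)) {
        throw new Error(`lockfile pins ${name}@${version}, outside ${range}`);
      }
      if (!registry[name] || !registry[name][version]) {
        throw new Error(`lockfile pins ${name}@${version}, not in registry`);
      }
    } else {
      version = pickHighest(name, range, registry);
    }
    tree[name] = version;
    for (const [dep, depRange] of Object.entries(registry[name][version])) {
      if (!(dep in tree)) visit(dep, depRange);
    }
  };
  for (const [name, range] of Object.entries(appDeps)) visit(name, range);
  return tree;
}

// The application pins foo exactly. foo itself declares bar as ^1.0.0.
const appDeps = { foo: "1.2.3" };

if (typeof require !== "undefined" && require.main === module) {
  const day1 = resolve(appDeps, registryDay1);
  console.log("day 1, no lockfile:", day1);              // bar 1.1.0
  console.log("day 2, no lockfile:", resolve(appDeps, registryDay2)); // bar 1.2.0 despite the pin
  console.log("day 2, day-1 lockfile:", resolve(appDeps, registryDay2, day1)); // bar 1.1.0
}
```

Running it shows the pin on `foo` holding while `bar` drifts from 1.1.0 to 1.2.0 between the two installs; passing the day-1 tree back in as a lockfile is what keeps the second install identical to the first.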