re: Out of curiosity, if you are running npm install within your CI/CD pipeline, would inconsistencies between package.lock and package.json not be pic...

George, if you have inconsistencies between the package manifest and the package lock, an npm install or a yarn install will produce different install results. Meaning to say, the lockfile will not be used as the source of truth.

Exactly for that, you should actually use npm ci in order to force the lockfile.
I wrote about it in short here:


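As an added example that is not part of the original reply: a small Node script a CI job can run before `npm ci` to surface the manifest/lockfile drift described above, so the failure is reported as a named dependency instead of a generic install error. It assumes a lockfileVersion 2 or 3 `package-lock.json` (root entry under `packages[""]`) and compares declared ranges as plain strings; the sample manifest and lock below are constructed.

```javascript
// Drift check between package.json and package-lock.json (lockfileVersion 2/3).
// Reports dependencies whose declared range differs from the lock's root entry,
// dependencies with no resolved node_modules entry, and lock entries that were
// removed from the manifest. Semver range matching of the resolved version is
// left to `npm ci`, which is the authoritative check.
function lockfileDrift(manifest, lock) {
  const problems = [];
  const packages = lock.packages || {};
  const root = packages[""] || {};
  for (const field of ["dependencies", "devDependencies"]) {
    const declared = manifest[field] || {};
    const locked = root[field] || {};
    for (const [name, range] of Object.entries(declared)) {
      if (!(name in locked)) {
        problems.push(`${name}: declared in package.json but missing from lock root`);
      } else if (locked[name] !== range) {
        problems.push(`${name}: range ${range} in package.json vs ${locked[name]} in lock`);
      }
      if (!(`node_modules/${name}` in packages)) {
        problems.push(`${name}: no resolved node_modules entry in lock`);
      }
    }
    for (const name of Object.keys(locked)) {
      if (!(name in declared)) {
        problems.push(`${name}: in lock root ${field} but removed from package.json`);
      }
    }
  }
  return problems;
}

// Constructed sample: lodash's range was bumped and left-pad added in
// package.json without regenerating the lock, and express was dropped.
const manifest = {
  dependencies: { lodash: "^4.17.21", "left-pad": "^1.3.0" },
};
const lock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { lodash: "^4.17.20", express: "^4.18.2" } },
    "node_modules/lodash": { version: "4.17.20" },
    "node_modules/express": { version: "4.18.2" },
  },
};

const drift = lockfileDrift(manifest, lock);
// In CI, read the two files with fs.readFileSync + JSON.parse instead and
// exit non-zero when drift is non-empty, before `npm ci` runs.
console.log(drift.length ? drift.join("\n") : "lockfile in sync");
```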