George, if you have inconsistencies between the package manifest and the package lock, an npm install or a yarn install will produce different install results. Meaning to say, the lockfile will not be used as the source of truth.
Exactly for that you should actually use npm ci in order to force the lockfile.
I wrote about it in short here: dev.to/lirantal/so-you-think-youre...
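A check for the manifest/lockfile inconsistency discussed in the comment above, as an added example that is not part of the original comment or of npm itself. It assumes a `package-lock.json` with lockfileVersion 2 or 3, where `packages[""]` records the manifest's dependency ranges at lock time; `findLockDrift`, `checkSample` and the sample package names are hypothetical.

```javascript
// Added example: report drift between package.json and package-lock.json.
// Assumption: lockfileVersion 2 or 3, where packages[""] mirrors the manifest.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

function findLockDrift(manifest, lock) {
  if (!lock.packages || !lock.packages[""]) {
    return [{ kind: "unsupported-lockfile", detail: 'no packages[""] entry' }];
  }
  const drift = [];
  const root = lock.packages[""];
  for (const section of SECTIONS) {
    const declared = manifest[section] || {};
    const locked = root[section] || {};
    for (const [name, range] of Object.entries(declared)) {
      if (!(name in locked)) {
        // Declared in package.json but never written to the lockfile.
        drift.push({ kind: "missing-in-lock", section, name, declared: range });
      } else if (locked[name] !== range) {
        // Range edited in package.json after the lockfile was generated.
        drift.push({ kind: "range-changed", section, name, declared: range, locked: locked[name] });
      } else if (section !== "optionalDependencies" && !lock.packages[`node_modules/${name}`]) {
        // Range matches but no resolved version is pinned for it.
        drift.push({ kind: "no-resolved-entry", section, name, declared: range });
      }
    }
    for (const name of Object.keys(locked)) {
      // Still locked although removed from package.json.
      if (!(name in declared)) drift.push({ kind: "extra-in-lock", section, name, locked: locked[name] });
    }
  }
  return drift;
}

// Constructed sample data (hypothetical package names and versions).
const sampleManifest = {
  name: "demo", version: "1.0.0",
  dependencies: { "pkg-a": "^1.3.0", "pkg-b": "^4.0.0" },
};
const sampleLock = {
  name: "demo", lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0", dependencies: { "pkg-a": "^1.2.0" } },
    "node_modules/pkg-a": { version: "1.2.0" },
  },
};

function checkSample() {
  return findLockDrift(sampleManifest, sampleLock);
}

console.log(JSON.stringify(checkSample(), null, 2));
```

Run against the parsed `package.json` and `package-lock.json` in CI, a non-empty result means the two files disagree and the lockfile should be regenerated and reviewed before it is trusted.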