George, if you have inconsistencies between the package manifest and the package lock, an npm install or a yarn install will produce different install results. Meaning to say, the lockfile will not be used as the source of truth.
Exactly for that you should actually use npm ci in order to force the lockfile.
I wrote about it in short here: dev.to/lirantal/so-you-think-youre...