DEV Community

Discussion on: When not to use package-lock.json

Nahuel

I understand that even if you have the package-lock it will have no effect on any npm install run on your machine, Docker or CI/CD. That's why it is always updated after an npm install.

It only makes a difference if you run npm ci, right?

Jonathan Cousins

As far as I know, yes. (Although I'm aware you wanted the author to answer you).

npm ci has been very useful for consistent development and ci-build environments, for me at least.

Guido Bouman

Almost, npm i always reproduces the same build from package-lock.json. Unless the dependencies are changed. Then it will update the package-lock.json to reflect those changes. It does not ignore the package-lock.json, as that would change your dependencies every time some nested dependency releases a new (patch?) version that satisfies its dependency requirement.
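
Added example, not part of any comment above and not npm's own code: a simplified check a CI job could run to detect that package.json has changed relative to what package-lock.json recorded, the case in which, per the last comment, npm i rewrites the lockfile. It assumes lockfileVersion 2 or 3 (root manifest mirrored under `packages[""]`), compares range strings instead of evaluating semver, and uses constructed package names; `lockDrift` is a hypothetical helper.

```javascript
// Simplified lockfile drift check (an approximation, not npm's algorithm).
// Assumes lockfileVersion 2 or 3, where packages[""] mirrors the root manifest.
const FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

function lockDrift(pkg, lock) {
  const problems = [];
  const packages = lock.packages || {};
  const root = packages[""];
  if (!root) return ['lockfile has no root entry (packages[""])'];
  for (const field of FIELDS) {
    const declared = pkg[field] || {};
    const recorded = root[field] || {};
    for (const [name, range] of Object.entries(declared)) {
      if (!(name in recorded)) {
        problems.push(`${name}: declared in ${field} but absent from lockfile`);
      } else if (recorded[name] !== range) {
        problems.push(`${name}: package.json has ${range}, lockfile recorded ${recorded[name]}`);
      } else if (field !== "optionalDependencies" && !packages[`node_modules/${name}`]) {
        // Range matches, but nothing is pinned for it: lockfile is incomplete.
        problems.push(`${name}: no pinned entry under node_modules/`);
      }
    }
    for (const name of Object.keys(recorded)) {
      if (!(name in declared)) {
        problems.push(`${name}: in lockfile ${field} but removed from package.json`);
      }
    }
  }
  return problems;
}

// Constructed sample data (hypothetical package names, versions, integrity).
const lock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", dependencies: { "left-lib": "^1.2.0" } },
    "node_modules/left-lib": { version: "1.2.4", integrity: "sha512-PLACEHOLDER" },
  },
};
const inSync = { name: "demo", dependencies: { "left-lib": "^1.2.0" } };
const edited = { name: "demo", dependencies: { "left-lib": "^2.0.0", "new-lib": "~0.3.1" } };

console.log(lockDrift(inSync, lock)); // manifest unchanged: lockfile is honored as-is
console.log(lockDrift(edited, lock)); // manifest changed: lockfile would be rewritten
```

Because it compares range strings, this check is stricter than semver satisfaction: it also flags a range edit that the pinned version would still satisfy.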