It doesn't matter if you are developing in a team or solo. The package lock provides a clear vision of which version of dependencies and dependencies of dependencies are being used, and sets them to a fixed version. You do not have any control of deeper dependencies without a package lock which can be reviewed. `npm i` updates dependencies without you noticing, that's why you use an `npm ci` when you want to rebuild your node modules.
When updating all packages you can create a specific feature and check those changes. Or automate it if you have decent tests.
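The review the comment describes, comparing the lock before and after an `npm i`, as an added example that is not from the comment author. It walks the `packages` map of two `package-lock.json` documents (lockfileVersion 2 or 3) and reports added, removed and re-versioned packages, plus the case a reviewer should look at hardest: the same version but a different tarball or integrity hash. Both lock documents below are constructed for the example.

```javascript
// Added example: diff two package-lock.json objects (v2/v3 "packages" map).
// Returns what a reviewer needs before accepting a lock change in a PR.
function lockDiff(oldLock, newLock) {
  const oldPkgs = oldLock.packages || {};
  const newPkgs = newLock.packages || {};
  const report = { added: [], removed: [], changed: [], suspicious: [] };
  const paths = new Set([...Object.keys(oldPkgs), ...Object.keys(newPkgs)]);
  for (const path of paths) {
    if (path === "") continue; // "" is the root project entry, not a dependency
    const a = oldPkgs[path];
    const b = newPkgs[path];
    if (!a) { report.added.push(`${path}@${b.version}`); continue; }
    if (!b) { report.removed.push(`${path}@${a.version}`); continue; }
    if (a.version !== b.version) {
      report.changed.push(`${path}: ${a.version} -> ${b.version}`);
    } else if (a.integrity !== b.integrity || a.resolved !== b.resolved) {
      // Same declared version, different artifact: a republished or
      // differently sourced tarball. Review this one by hand.
      report.suspicious.push(`${path}@${a.version}: resolved/integrity changed`);
    }
  }
  return report;
}

// Constructed lock fragments (package names, URLs and hashes are made up).
const REG = "https://registry.npmjs.org";
const lockBefore = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0", dependencies: { left: "^1.0.0" } },
  "node_modules/left": { version: "1.0.0", resolved: `${REG}/left/-/left-1.0.0.tgz`, integrity: "sha512-AAA" },
  "node_modules/left/node_modules/deep": { version: "2.0.0", resolved: `${REG}/deep/-/deep-2.0.0.tgz`, integrity: "sha512-BBB" },
  "node_modules/gone": { version: "0.1.0", resolved: `${REG}/gone/-/gone-0.1.0.tgz`, integrity: "sha512-CCC" },
}};
const lockAfter = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0", dependencies: { left: "^1.0.0" } },
  "node_modules/left": { version: "1.1.0", resolved: `${REG}/left/-/left-1.1.0.tgz`, integrity: "sha512-DDD" },
  "node_modules/left/node_modules/deep": { version: "2.0.0", resolved: `${REG}/deep/-/deep-2.0.0.tgz`, integrity: "sha512-EEE" },
  "node_modules/extra": { version: "3.2.1", resolved: `${REG}/extra/-/extra-3.2.1.tgz`, integrity: "sha512-FFF" },
}};

console.log(JSON.stringify(lockDiff(lockBefore, lockAfter), null, 2));
```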