It doesn't matter if you are developing in a team or solo. The package lock provides a clear view of which versions of dependencies and dependencies of dependencies are being used, and sets them to a fixed version. You do not have any control over deeper dependencies without a package lock, which can be reviewed. npm i updates dependencies without you noticing; that's why you use npm ci when you want to rebuild your node modules.
When updating all packages you can create a specific feature branch and check those changes. Or automate it if you have decent tests.
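As an added example, not part of the comment above: a small Node.js script that reviews the difference between two package-lock.json files the way a reviewer on a feature branch would. It lists added, removed and version-changed packages (transitive ones included, since every node_modules path in the lock is its own entry) and flags entries that have no integrity hash, that resolve from somewhere other than the expected registry, or that keep the same version but change their tarball hash. Both lockfiles, the package names, versions and placeholder integrity values, and the TRUSTED_REGISTRY constant are constructed assumptions for this example, not data from any real project.

```javascript
// Added example (not from the original comment): review the changes between two
// package-lock.json files, including transitive dependencies, before merging.
// Both lockfiles are constructed for this example in the lockfileVersion 3
// layout written by npm 7+; the integrity hashes are placeholders, not real digests.
const BEFORE = JSON.parse(`{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": { "name": "demo-app", "dependencies": { "express": "^4.18.0" } },
    "node_modules/express": {
      "version": "4.18.2",
      "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
      "integrity": "sha512-AAAA"
    },
    "node_modules/qs": {
      "version": "6.11.0",
      "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
      "integrity": "sha512-BBBB"
    },
    "node_modules/safe-buffer": {
      "version": "5.2.1",
      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
      "integrity": "sha512-CCCC"
    }
  }
}`);

const AFTER = JSON.parse(`{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": { "name": "demo-app", "dependencies": { "express": "^4.18.0" } },
    "node_modules/express": {
      "version": "4.18.2",
      "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
      "integrity": "sha512-AAAB"
    },
    "node_modules/qs": {
      "version": "6.11.2",
      "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.2.tgz",
      "integrity": "sha512-DDDD"
    },
    "node_modules/side-channel": {
      "version": "1.0.4",
      "resolved": "https://mirror.example.com/side-channel/-/side-channel-1.0.4.tgz"
    }
  }
}`);

// Assumption for this example: the only registry this project should fetch from.
const TRUSTED_REGISTRY = 'https://registry.npmjs.org/';

// Compare the "packages" map of two lockfiles. Each key is a node_modules path,
// so nested copies (node_modules/a/node_modules/b) are compared separately.
function diffLockfiles(before, after) {
  const old = before.packages || {};
  const cur = after.packages || {};
  const report = { added: [], removed: [], changed: [], warnings: [] };
  const keys = new Set([...Object.keys(old), ...Object.keys(cur)]);
  for (const key of keys) {
    if (key === '') continue; // root project entry, not a dependency
    const idx = key.lastIndexOf('node_modules/');
    const name = idx === -1 ? key : key.slice(idx + 'node_modules/'.length);
    const o = old[key];
    const n = cur[key];
    if (!o) report.added.push({ name, version: n.version });
    else if (!n) report.removed.push({ name, version: o.version });
    else if (o.version !== n.version) report.changed.push({ name, from: o.version, to: n.version });
    else if (o.integrity !== n.integrity) {
      // Same version string but a different tarball hash: contents changed without a version bump.
      report.warnings.push(`${name}: version ${n.version} unchanged but integrity differs`);
    }
    if (!n || n.link) continue; // removed, or a workspace symlink that has no tarball
    if (!n.integrity) report.warnings.push(`${name}: no integrity hash, npm ci cannot verify the tarball`);
    if (n.resolved && !n.resolved.startsWith(TRUSTED_REGISTRY)) {
      report.warnings.push(`${name}: resolved from ${n.resolved} instead of ${TRUSTED_REGISTRY}`);
    }
  }
  return report;
}

// Run it on the constructed lockfiles and print a review summary.
const report = diffLockfiles(BEFORE, AFTER);
for (const p of report.added) console.log(`+ ${p.name}@${p.version}`);
for (const p of report.removed) console.log(`- ${p.name}@${p.version}`);
for (const p of report.changed) console.log(`~ ${p.name} ${p.from} -> ${p.to}`);
for (const w of report.warnings) console.log(`! ${w}`);
```

On the constructed input this reports qs moving from 6.11.0 to 6.11.2 even though no direct dependency changed, safe-buffer disappearing, and side-channel arriving with no integrity hash from a non-registry host. To use it on real files, replace the two embedded strings with the output of reading the lockfile from the base branch and from the feature branch.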