Yeah even ive ran into problems where 100s of lines were updated in my package-lock.json so i think it is because a lot combinations are possible like i mentioned above plus if you've seen dependabot commits, they update package-lock to bumb versions but along with that they also change the integrity hash so it doesn't end up creating conflicts.
also a lot of time we pull from other branches so if any of them updated your dependent package they may end up updating the tree in package-lock
so yeah a lot of permutations and combinations to think about :(
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Yeah even ive ran into problems where 100s of lines were updated in my package-lock.json so i think it is because a lot combinations are possible like i mentioned above plus if you've seen dependabot commits, they update package-lock to bumb versions but along with that they also change the integrity hash so it doesn't end up creating conflicts.
also a lot of time we pull from other branches so if any of them updated your dependent package they may end up updating the tree in package-lock
so yeah a lot of permutations and combinations to think about :(