That hasn't always been the case, and if that is what you want that is why they recommend using npm ci instead of npm install so that package-lock.json will absolutely dictate which dependencies you install.
I mean,even if in theory npm install installs based on package-lock.json, it hasn't always been the case, and has varied from version to version of npm, and once you have a valid package-lock.json, npm ci is THE way to guarantee you are installing based on it.
No good, I know!
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
That hasn't always been the case, and if that is what you want that is why they recommend using
npm ciinstead ofnpm installso that package-lock.json will absolutely dictate which dependencies you install.I mean,even if in theory
npm installinstalls based on package-lock.json, it hasn't always been the case, and has varied from version to version ofnpm, and once you have a valid package-lock.json,npm ciis THE way to guarantee you are installing based on it.No good, I know!