DEV Community

Discussion on: Don't trust SemVersioning in NPM Modules

Joe Pea

I mean, even if in theory npm install installs based on package-lock.json, it hasn't always been the case, and has varied from version to version of npm, and once you have a valid package-lock.json, npm ci is THE way to guarantee you are installing based on it.

No good, I know!