I mean,even if in theory npm install installs based on package-lock.json, it hasn't always been the case, and has varied from version to version of npm, and once you have a valid package-lock.json, npm ci is THE way to guarantee you are installing based on it.
No good, I know!
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I mean,even if in theory
npm install
installs based on package-lock.json, it hasn't always been the case, and has varied from version to version ofnpm
, and once you have a valid package-lock.json,npm ci
is THE way to guarantee you are installing based on it.No good, I know!