we are developing an large web application which depend some private npm packages and public packages. we need to lock the version, but we can not sure which time to update these package and update the lock file.
In my web project, I update lock files only if i add, update, remove a node package for my project. In this case, I take advantage to update all packages of my lock files.
For the other developers who work in my web project, they use cmd :
npm ci
or
yarn install --frozen-lockfile
They must not absolutely modify the lock files.
Furthermore, i am sure that everybody have the same environment (for behavioral reproduction).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.