Package-lock.json pins only first-order dependencies (opens in new tab)

(twitter.com)

2 pointsmikehall3144y ago1 comments

1 comments

1 comments · 1 top-level

Doesn't using `npm ci` instead of `npm install` keep transitive dependencies pinned as well?

j / k navigate · click thread line to collapse