Hacker News

npm has long had a problem respecting lock files. The concept is easy: have a fixed lock file, get a reproducible build. But no: npm will change your lock file (I believe it's framed as "optimizing") without notice.

(Perhaps they've solved this in the last couple of years. I've been staying away from that ecosystem... too much growing in it...)



I think the trick is that you should use `npm ci` instead of `npm install` in most cases.




