Force fixed versions in published packages


(Cezar Sîrbu) #1

Hi,

I find NPM dependencies to be unreliable after I release my software.

If I rebuild that software later, it will contain different dependency versions, depending on whether I am using those “^, *, ~” thingies.

I might not have fully understood package-lock.json, but in my environment (corporate network) the integrity somehow always differs, multiple proxies inside the network, and I end up recreating the package-lock.json once in a while, meaning… bringing up new stuff that can make my software fail.

Are there any plans on forcing packages to use fixed versions inside their dependencies?

Thank you!