kimmobrunfeldt
commented
5 years ago Hi! Thanks for the effort, this is definitely a good change. For security reasons, I'll do this package-lock.json file myself because it's really hard to review the whole file and I don't know exactly the implications of what could be done by adding a small malicious package in package-lock.json. I'm not saying you would ever do this, but it's better to be cautious. Hope you understand.
dominik-bln
Add package-lock.json to ensure exact versions as recommended:
https://docs.npmjs.com/files/package-lock.json#description