The `package-lock.json` lock-file keeps changing between commits, even when no changes to the Cita version number or to the development environment have been made.
The reason seems to be that different versions of `npm` producing different versions of `package-lock.json` lock-file are being used by different developers, or by the same developer in different environments.
We don't want to git-ignore this `package-lock.json` file, because we want everyone to be working on the exact same development environment.
We may use `lockfile-version` config in `.npmrc` to pin lockfile version to 2 or 3.
If we do so, I think we should also pin npm version to 8.1 or higher, because that seems to be when the `lockfile-version` config was introduced. To make sure that it will be honored. To do this we should set the `engines` parameter in `package.json` and the `engine-strict=true` config in `.npmrc` as described in https://stackoverflow.com/a/64820435.
@Dominic-DallOsto, what do you think about this? If you're OK with these changes, I may submit a pull request.
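
A CI-style check for the setup proposed above, as an added example that is not part of the original issue or of the Cita repository. The function names, the sample inputs and the 8.1 floor (taken from the issue's own estimate) are assumptions for illustration.

```javascript
// Added example: hypothetical guard against lockfile drift, not project code.
const REQUIRED_NPM = [8, 1]; // minimum npm version suggested in the issue (assumption)

// Parse simple key=value lines from .npmrc text; comments and blanks are skipped.
function parseNpmrc(text) {
  const cfg = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    cfg[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return cfg;
}

// Return a list of policy violations; an empty list means the setup is consistent.
function checkLockfilePolicy({ npmrcText, packageJson, lockJson, npmVersion }) {
  const problems = [];
  const cfg = parseNpmrc(npmrcText);
  const pinned = Number(cfg['lockfile-version']);
  if (![2, 3].includes(pinned)) {
    problems.push('.npmrc: lockfile-version is not pinned to 2 or 3');
  } else if (lockJson.lockfileVersion !== pinned) {
    problems.push(`package-lock.json: lockfileVersion ${lockJson.lockfileVersion} != pinned ${pinned}`);
  }
  if (cfg['engine-strict'] !== 'true') problems.push('.npmrc: engine-strict=true is missing');
  if (!(packageJson.engines && packageJson.engines.npm)) {
    problems.push('package.json: engines.npm is not set');
  }
  const [major, minor] = npmVersion.split('.').map(Number);
  if (major < REQUIRED_NPM[0] || (major === REQUIRED_NPM[0] && minor < REQUIRED_NPM[1])) {
    problems.push(`npm ${npmVersion} is older than ${REQUIRED_NPM.join('.')}`);
  }
  return problems;
}

// Constructed sample inputs: one consistent setup, one drifted setup.
const CONSISTENT = {
  npmrcText: '# pinned by the team\nlockfile-version=2\nengine-strict=true\n',
  packageJson: { engines: { npm: '>=8.1.0' } },
  lockJson: { lockfileVersion: 2 },
  npmVersion: '8.19.4',
};
const DRIFTED = {
  npmrcText: 'lockfile-version=2\n',
  packageJson: { engines: { npm: '>=8.1.0' } },
  lockJson: { lockfileVersion: 1 },
  npmVersion: '6.14.18',
};
console.log(checkLockfilePolicy(CONSISTENT), checkLockfilePolicy(DRIFTED));
```

In a real pipeline the four inputs would come from the repository files and the output of `npm --version`.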