fix: match npm install semantics by default

jspm / generator

JSPM Import Map Generator

Apache License 2.0

160 stars 20 forks source link

fix: match npm install semantics by default #285

Closed Bubblyworld closed 1 year ago

Bubblyworld commented 1 year ago

Changes behaviour with existing locks to match npm by default (i.e. if other install flags like freeze aren't set). The only difference is how we handle secondary locks: if they're in range for their parent package.json, we now use the lock, and if they're out of range we reset them to latest compatible, which is what npm does in these cases.

Bubblyworld commented 1 year ago

Note that these lock changes also affect non-install operations, which again matches npm's behaviour.