We should have a standard package-lock.json. Version 2 is better, so we should aim to use it. The only slightly weird thing is if using stock Node v14, it ships with npm v6, which builds lockfileVersion: 1.
We can use package.json's engines field to denote which version of npm we accept, then we need to write a small script to run on postinstall as others have done.
There may be a way to not write a custom script and use core NPM to manage this.
We should have a standard
package-lock.json. Version2is better, so we should aim to use it. The only slightly weird thing is if using stock Node v14, it ships with npm v6, which buildslockfileVersion: 1.We can use
package.json'senginesfield to denote which version ofnpmwe accept, then we need to write a small script to run onpostinstallas others have done.There may be a way to not write a custom script and use core NPM to manage this.