Open Lignum opened 5 years ago
Ok so I am not a Node master, but isn't a confirmed versioning change due to vulns etc. supposed to be done/upped in package.json, and package-lock.json is just an image of a working version of dependencies? I know that both are supposed to be committed.
package-lock.json is a dark art that nobody understands and everybody leaves be.
In seriousness, for some reason it seems to get updated whenever anybody runs npm install, even if no deps are added, removed, or updated, so I'm kind of baffled as to what its real function is.
We had 3 vulnerabilities, one of them highly severe. I've updated all packages, and I don't expect breakage, but test it just in case. (I don't know how to use shittydl).