tmpim / shitty.dl

Heavyweight featurecreep file hosting server in node.js

Fix vulnerabilities by upgrading packages #29

Open Lignum opened 5 years ago

Lignum commented 5 years ago

We had 3 vulnerabilities, one of them highly severe. I've updated all packages, and I don't expect breakage, but test it just in case. (I don't know how to use shittydl).

Wojbie commented 5 years ago

OK, so I am not a node master, but isn't a confirmed versioning change due to vulns etc. supposed to be done/upped in package.json, and package-lock.json is just an image of a working version of dependencies? I know that both are supposed to be committed.

Lemmmy commented 5 years ago

package-lock.json is a dark art that nobody understands and everybody leaves be.

In seriousness, for some reason it seems to get updated whenever anybody runs npm install, even if no deps are added, removed, or updated, so I'm kind of baffled as to what its real function is.