[RunawayGalaxy]

What do you think is happening when you `npm install` or `yarn add` a package?

[judge2020]

`npm`/`yarn` have hash checks when using the lockfile (side note: you should be using `npm ci` in your deployments so it doesn't install newer versions). Maybe there could be a lockfile system for webpack that would verify a file like the one they suggest doesn't change between installs and systems.

[realPubkey]

Doesnt deno also have a lockfile?

[rhacker]

That's why I don't want to use it personally, it's all in the imports. Making things a pita when you want to just upgrade something.