by n_e 2241 days ago
The "idiomatic way" is to use a package-lock.json, which keeps the dependencies (and transitive dependencies) at the exact version specified unless you decide to upgrade them.
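
A lockfile only pins what it actually records, so it is worth checking in CI. The following is an added example, not part of the comment above: it assumes the npm 7+ lockfile layout (`lockfileVersion` 2 or 3 with a top-level `packages` map), and the helper name `auditLock` plus every package name and hash in it are constructed.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3 "packages" map).
// auditLock is a hypothetical helper; all names and hashes are constructed.
function auditLock(pkg, lock) {
  const findings = [];
  const packages = lock.packages || {};
  const root = packages[""] || {};
  for (const field of ["dependencies", "devDependencies"]) {
    const declared = pkg[field] || {};
    const recorded = root[field] || {};
    for (const [name, range] of Object.entries(declared)) {
      // Drift: package.json changed but the lockfile was not regenerated.
      if (recorded[name] !== range) {
        findings.push(`drift: ${name} is "${range}" in package.json, "${recorded[name]}" in lockfile`);
      }
      if (!packages[`node_modules/${name}`]) findings.push(`unlocked: ${name}`);
    }
  }
  const exact = /^\d+\.\d+\.\d+(-[\w.-]+)?(\+[\w.-]+)?$/;
  for (const [path, entry] of Object.entries(packages)) {
    // The root entry, workspace links and bundled deps carry no tarball hash.
    if (path === "" || entry.link || entry.inBundle) continue;
    if (!exact.test(entry.version || "")) {
      findings.push(`not exact: ${path} version "${entry.version}"`);
    }
    if (!/^sha(256|384|512)-/.test(entry.integrity || "")) {
      findings.push(`no strong integrity hash: ${path}`);
    }
  }
  return findings;
}

// Constructed sample: example-b was bumped in package.json only, and its
// lockfile entry carries a legacy sha1 hash.
const samplePkg = { dependencies: { "example-a": "^1.3.0", "example-b": "^2.0.0" } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "example-a": "^1.3.0", "example-b": "^1.0.0" } },
    "node_modules/example-a": { version: "1.3.0", integrity: "sha512-CONSTRUCTED==" },
    "node_modules/example-b": { version: "1.4.2", integrity: "sha1-CONSTRUCTED=" },
  },
};
const sampleFindings = auditLock(samplePkg, sampleLock);
console.log(sampleFindings.join("\n"));
```

On the install side, `npm ci` installs exactly what the lockfile records and fails when package.json and the lockfile disagree.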