In my opinion, this really should be the default behaviour of all package managers. Having packages that update when running npm install is great for keeping packages from security breaches, but semantic versions are not enforced and some maintainers do push breaking changes on minor or patch versions, and it becomes a nightmare to debug each one of the updated packages when this happens. Installing exact versions does allow finer control over which packages should be updated or not. This is why it should become the default behaviour in my opinion.