Yeah I think forcing one package manager might be the best solution, I don't see any sane way to keep both lock files in sync. There is a few solutions for syncing yarn-lock but none for package-lock that I could find if you use yarn.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I would force either NPM or Yarn, and commit lock file.
I have seen a scenario where code won't run because of exact version mismatch.
I know it is silly, but it is also as silly as indentation and prettier settings.
Yeah I think forcing one package manager might be the best solution, I don't see any sane way to keep both lock files in sync. There is a few solutions for syncing yarn-lock but none for package-lock that I could find if you use yarn.