package.json is for you as the developer package-lock.json is for me (or the server) as the installer
The package.json will be considered only if the lock is missing, hence the reason why they invented the lock, because the package.json is not enough to guarantee repeatability
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
No, it reads the
package-lock.json.package.jsonis for you as the developerpackage-lock.jsonis for me (or the server) as the installerThe package.json will be considered only if the lock is missing, hence the reason why they invented the lock, because the
package.jsonis not enough to guarantee repeatability