We use npm (not yarn) and we want to make sure our Netlify builds install the versions of packages in our package-lock.json file.
Your docs here say that you run npm install to install dependencies at build time, but npm install will overwrite the package-lock.json file. I read in another forum that you evaluated using npm ci (which is the npm command to do what we want: install the packages listed in the package-lock file) but decided against that.
So, what method can we use to ensure that a particular SHA in our repo will always install the same dependencies? (I guess we could have a build command check to see if the package.lock file is dirty and throw an error, but this seems REALLY roundabout and will cause unnecessary failures). I figure we can’t be the only dev shop who wants predictable build behaviors, I just haven’t figured out the Netlify way to do this…
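The lock-file check mentioned in the post, written out as a build-command wrapper. This is an added example, not part of the original post and not Netlify's own tooling; the `LOCKFILE` variable, the function names and the return codes are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: fail a build when the install step rewrites package-lock.json.
# LOCKFILE and the function names are assumptions, not Netlify settings.

LOCKFILE="${LOCKFILE:-package-lock.json}"

# Print the SHA-256 of a file, using whichever tool the build image has.
lock_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Run the given install command and compare the lockfile before and after.
# Returns 0 = lockfile unchanged, 1 = install command failed,
#         2 = lockfile missing before install, 3 = lockfile changed or removed.
guarded_install() {
    [ -f "$LOCKFILE" ] || { echo "missing $LOCKFILE" >&2; return 2; }
    before=$(lock_digest "$LOCKFILE")
    "$@" || { echo "install command failed: $*" >&2; return 1; }
    [ -f "$LOCKFILE" ] || { echo "$LOCKFILE removed by install" >&2; return 3; }
    after=$(lock_digest "$LOCKFILE")
    if [ "$before" != "$after" ]; then
        echo "$LOCKFILE changed during install ($before -> $after)" >&2
        return 3
    fi
    return 0
}

# When called with arguments, treat them as the install command to guard,
# e.g. (assumed usage): sh guarded-install.sh npm install
if [ "$#" -gt 0 ]; then
    guarded_install "$@"
fi
```

Because the comparison is a content hash rather than `git status`, it also works in build environments where the checkout is not a full git working tree.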