The package-lock dependency libraries are always creating problems. When we run npm install there are no issues, but when we try to merge the code to the master branch the build fails because one of the dependency libraries fails. When we look at it in JFrog, that library is marked critical due to a lower version, and a higher version is expected for the upgrade. We modified the package-lock file directly and checked in the code, and that issue was resolved, but then another library comes up. What is the best way to identify and resolve the problem?
CodePudding user response:
Try using npm ci instead of npm install when you build for deployment. As I understand it, this command will use the package-lock.json file.
Use npm install and commit changes to the package-lock.json file when your intent is to update the dependencies for deployment.
This is recommended in the docs and could help you to control the package-lock.json file and get consistent builds.
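
To identify which dependency pulls in a version that a scanner flags, the lockfile can be searched directly instead of edited by hand. The following is an added example, not part of the original answer; it assumes a package-lock.json with lockfileVersion 2 or 3 (which carry a "packages" map), and every package name in the sample is constructed.

```javascript
// Added example: list every installed copy of a package recorded in
// package-lock.json and every lockfile entry that declares a dependency on it.

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; "" is the root project.
function nameFromPath(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

function findPackage(lock, target) {
  const installed = [];  // where the package sits in node_modules, and at which version
  const requiredBy = []; // which packages ask for it, and with which semver range
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key !== "" && nameFromPath(key) === target) {
      installed.push({ path: key, version: entry.version });
    }
    for (const field of DEP_FIELDS) {
      const range = entry[field] && entry[field][target];
      if (range) {
        requiredBy.push({ parent: key === "" ? "(root project)" : nameFromPath(key), range });
      }
    }
  }
  return { installed, requiredBy };
}

// Constructed sample lockfile: "flagged-lib" is installed twice, once hoisted
// at an old version and once nested under "other-lib" at a newer one.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "parent-lib": "^2.0.0", "other-lib": "^1.0.0" } },
    "node_modules/parent-lib": { version: "2.1.0", dependencies: { "flagged-lib": "^1.0.0" } },
    "node_modules/other-lib": { version: "1.4.0", dependencies: { "flagged-lib": "^2.0.0" } },
    "node_modules/flagged-lib": { version: "1.0.3" },
    "node_modules/other-lib/node_modules/flagged-lib": { version: "2.0.1" },
  },
};

// Usage: node find-in-lock.js package-lock.json <package-name>
// With no arguments the constructed sample above is used.
const [file, target] = typeof process !== "undefined" ? process.argv.slice(2) : [];
const lock = file ? JSON.parse(require("fs").readFileSync(file, "utf8")) : SAMPLE_LOCK;
console.log(JSON.stringify(findPackage(lock, target || "flagged-lib"), null, 2));
```

The requiredBy list shows which parent package holds the old range; upgrading that parent with npm install and committing the regenerated package-lock.json keeps the change reproducible under npm ci.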