
I have a project in which the client's policy in the CI pipelines is to ignore the package-lock.json file and always install everything from scratch.

The issue with this is that sometimes everything works locally but then fails in the pipelines, as the versions are different. To avoid this, I removed the package-lock.json completely from the project.

But now, even though all my versions are exact numbers, all of the libraries I use have their versions with minor updates allowed (using ^), and that is causing a lot of issues.

The last issue we're having is that a plugin is requiring @emotion/memoize at version 0.8.1 and it says it doesn't exist:

npm ERR! notarget No matching version found for @emotion/memoize@^0.8.1.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.

I'm not using that library at all and I haven't changed anything in the code, but now the CI pipeline is failing because one of my dependencies has a peer dependency which uses that library, and it seems to specify the wrong version.

Is there a way in which I can prevent dependencies from updating their own dependencies, even when they allow minor version updates (^)?

Or can I somehow specify a version for a dependency in my main package.json file and force dependencies to use that version, avoiding unwanted updates?

Please understand that I can't change the client's policies in their pipelines.

Thank you.

Unapedra

0 Answers