npm ci command reuses existing
package-lock.json files to meet dependency specifications, and does not (re)write them at build-time.
Two small side-effects:
- Local build without
package-lock.json(and thus the
gitworking directory) being modified
- More stable selection / installation of dependencies at build-time (todo: is this true? or would
npmstill go ahead and use updated package versions in some/most situations?)