I am running the npm install in a public GitHub repo and it has locked the express at 4.17.0 in package-lock.json file which is the correct behavior of package-lock.json file.
However, when I execute npm install git+https://github.com/nabeel-nazir confiz/package.lock.master.git in an empty folder then a package-lock.json file created with the new version of express locked at 4.17.1. I know there is a caret ^ sign in the source package.json but why the source package-lock.json is ignored this time?
My problem here is that when I execute npm install git+https://github.com/nabeel-nazir confiz/package.lock.master.git on the server it should create a package-lock.json file with express locked at 4.17.0 not with the 4.17.1 because the source package-lock.json file on the repo has locked the express on 4.17.0.
Is there any way I can achieve this i.e npm install git+https://github.com/nabeel-nazir confiz/package.lock.master.git will consider the source package-lock.json file and should not ignore it?
I am using the following versions:
npm version: 5.4.1
node version: 8.9.3
npm config get registry prints: https://registry.npmjs.org/
OS: Ubuntu 18.04
Side note:
I have tried npm install git+https://github.com/nabeel-nazir confiz/package.lock.master.git with followings as well but the issue was same i.e. it locked the express at 4.17.1
npm version: 6.14.4
node version: 13.12.0
npm config get registry prints: https://registry.npmjs.org/
OS: Ubuntu 18.04
Please comment If there is a need to provide more information on this question.
Thank you.
