nodejs-lock-file

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

These information are useless from a debian point of view, because version are managed by dpkg.

Moreover, package-lock.json feature to pin to some version dependencies is a anti feature of the debian way of managing package, and could lead to security problems in the likely case of debian solving security problems by patching instead of upgrading.

Severity:	error
Experimental:	false

See also

• list of all the affected packages
• the source of this tag

Generated by Lintian SSG v0.7.0-28-g559962f (lintian v2.118.1) on Sat, 07 Sep 2024 19:15:02 UTC - Source code and bugs
Copyright © 1998-2024 Lintian authors

Hosted by CLUB1