reproducible builds

Problem to solve

nitrile fetch updates all packages to the latest versions possible. I think that a package manager should support fixing versions for various reasons. As far as I can judge, most modern package managers support that.

Proposal

We would need a variant of nitrile fetch which uses exactly the versions specified in the lockfile. The corresponding npm command would be npm install, I think.

Documentation

The documentation of nitrile fetch would need to be updated and an entry for a possibly new nitrile command would have to be added.

Priority

For us (TOP Software) this is not too important in the short term, but we probably want this at some point. We can contribute to the implementation if we agree on the naming of a new command/option and its exact behaviour.