Implement package.lock
The package lock file should contain the exact version of the package installed. When a new package is installed it should write down the exact version information in the lock file.
When a gpm install
command is executed the package lock should be used first, then gpackage.json
's version specifier should be used second.
When a gpm update
is executed it should ignore the lock file and update based on gpackage.json
's version specifier.
In use, the package.lock file will be checked in to source code control.