NPM install vs NPM ci

Use `npm ci` in your CI/CD pipelines and `npm install` on your machine.

When you run `npm install`, you may notice that the command modifies your `package-lock.json` file from time to time. This can happen for several reasons:
- Different versions of npm (or other package managers) may have been used to install a package, each using slightly different installation algorithms.
- A new version of a package matched by a direct semver range may have been published since the last time your packages were installed, so the newer version will be used.
- A dependency of one of your dependencies may have published a new version, which will be picked up even if you used pinned dependency specifiers (1.2.3 instead of ^1.2.3).
- The registry you installed from is no longer available, or it allows mutation of versions (unlike the primary npm registry), and a different version of a package now exists under the same version number.
Thus, if you use `npm install` in your CI/CD pipeline, your builds may not be reproducible. `npm ci` installs exactly what `package-lock.json` specifies, fails if the lockfile and `package.json` disagree, and never rewrites the lockfile, which is why it belongs in CI.
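As a defensive complement to the last two points above (a transitive dependency drifting, or a mutable registry serving different content under the same version number), here is an added example that is not code from the original post: it audits the `resolved` and `integrity` fields in a lockfile, the two values `npm ci` relies on to reproduce an install byte for byte. The sample lockfile, its placeholder hashes and the trusted-host list are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Hosts whose published versions are immutable; registry.npmjs.org is the primary registry.
TRUSTED_REGISTRY_HOSTS = frozenset({"registry.npmjs.org"})

# Constructed sample in the lockfileVersion 3 layout (not a real project's lockfile).
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-CONSTRUCTED_PLACEHOLDER_HASH",
        },
        "node_modules/internal-util": {
            "version": "2.0.1",
            "resolved": "https://npm.mirror.example.internal/internal-util/-/internal-util-2.0.1.tgz",
            "integrity": "sha512-CONSTRUCTED_PLACEHOLDER_HASH",
        },
        "node_modules/old-dep": {
            "version": "0.9.0",
            "resolved": "https://registry.npmjs.org/old-dep/-/old-dep-0.9.0.tgz",
        },
    },
})


def audit_lockfile(lock_text, trusted_hosts=TRUSTED_REGISTRY_HOSTS):
    """Return (package_path, problem) pairs for entries that npm ci cannot pin reliably."""
    lock = json.loads(lock_text)
    if "packages" not in lock:
        raise ValueError("expected lockfileVersion 2 or 3 ('packages' map not found)")
    findings = []
    for path, meta in lock["packages"].items():
        if path == "" or meta.get("link"):
            continue  # the root project entry and workspace symlinks carry no tarball
        resolved = meta.get("resolved")
        if not resolved:
            findings.append((path, "no resolved URL"))
        elif urlparse(resolved).hostname not in trusted_hosts:
            findings.append((path, f"resolved from untrusted host {urlparse(resolved).hostname}"))
        if not meta.get("integrity"):
            findings.append((path, "no integrity hash; tarball content cannot be verified"))
    return findings


if __name__ == "__main__":
    for path, problem in audit_lockfile(SAMPLE_LOCK):
        print(f"{path}: {problem}")
```

Run it against a real `package-lock.json` in CI after `npm ci` to flag packages whose content a mutable or unavailable registry could silently change.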