Lock dependencies for installation #20
Description
📚 Context
Javascript applications (not libraries) should publish a npm-shrinkwrap file in the npm package, so when it's installed it downloads the exact same packages every time, without relying on package resolution as specified in the package.json.
✔️ Solution
We are using a monorepo with pnpm.
npm shrinkwrap is a command that is unaware of monorepos.
Analyze how to do it correctly.
📈 Subtasks
- research how to properly generate a shrink-wrap file for the CLI
- change the publishing to include the shrinkwrap
🎯 Definition of Done
- the exact same dependencies are installed every time for a CLI version