Practice lockfile management vocabulary: committing lockfiles, resolving conflicts, regenerating lockfiles, detecting unexpected dependency changes, and lockfile auditing.
1 / 5
'The lockfile should always be ___.' Which verb describes adding it to version control?
The lockfile (package-lock.json, yarn.lock, pnpm-lock.yaml) should always be 'committed' to version control. This ensures everyone on the team and CI uses identical dependency versions.
2 / 5
'Conflicting ___ changes in PRs' — which noun fits here?
'Conflicting lockfile changes' happen when two branches both update dependencies, causing merge conflicts in package-lock.json or yarn.lock. The resolution is to regenerate the lockfile after merging.
3 / 5
'Running npm install ___ the lockfile.' Which verb fits?
'Regenerates' is correct: running npm install (or npm ci) with changed dependencies regenerates the lockfile to reflect the new resolved dependency tree.
4 / 5
'The lockfile ___ changed — check for unexpected dependencies.' Which noun fits?
'Lockfile hash changed' means the lockfile's content changed unexpectedly — possibly due to an inadvertent npm install or a dependency that updated despite no explicit version change.
5 / 5
What is the purpose of a 'lockfile audit'?
A lockfile audit reviews what changed in the lockfile — new packages, version changes, deep transitive dependencies — to catch supply chain attacks or accidental dependency upgrades before they reach production.