Hi I am not sure if I am doing things correctly. Whenever I rebase an hit an issue with package.json and the lock file. I fix the package.json, but then delete the lockfile and just run pnpm i again.
But recently I noticed an issue where the lockfile in the master branch and a newly generated lockfile were different.
My team members were like, you should never try to generate a new lockfile. Just keep running pnpm i.
So am I doing this wrong, or do you think we actually have botched locking file in our master branch?
When there are conflicts, you may run pnpm install. pnpm will automatically resolve the conflicts and create a new lockfile that you may commit.
IMO, removing the lockfile and running pnpm install is also fine. However, some teams prefer to update dependencies as rarely as possible. If you remove the lockfile, newer versions of dependencies might be installed.
You may also try the resolution-mode=time-based setting. With this setting dependencies will be rarely updated. Even if you remove the lockfile.