Can Angular package-lock.json lock nested dependencies?

Question

Angular CLI: 11.0.3
Angular: 11.0.9
Node: 14.20.1
Ivy Workspace: Yes

I need package A, it requires package B, which requires package C.

The package B -> C dependency is expressed as ^2.0.12

I'd like to lock that dependency to 2.0.10

Can I add this to package-lock.json to achieve this?

Answer 1

In the package.json you can use

• if you use yarn the resolutions part for this
• if you use npm the overrides part for this

in package A with yarn :

  "resolutions": {
     "C": "2.0.10"
  }

in package A with npm :

"overrides": {
     "C": "2.0.10"
}