@lopu

Yes that’s how nodejs app’s work with packages. Actually when using npm( yarn has a different lock file) will look at the package-lock.json for the exact version it will use:

https://stackoverflow.com/questions/44297803/what-is-the-role-of-the-package-lock-json