lfx.rushstack.io
The PNPM lockfile
The lockfile records the exact version number of every package in your node_modules folder, along with topological information such as peer dependency relationships. This enables the package manager to reproduce the exact same node_modules folder structure regardless of what the "latest" versions happen to be on a given day. The pnpm-lock.yaml file is serialized as human-readable text, in a format whose diffs minimize Git merge conflicts as much as possible. The file format also carefully avoids storing extra information that might not be portable between operating systems or NPM registry configurations.
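To make "exact version plus peer dependency relationships" concrete when reviewing a lockfile change, here is an added example (not code from PNPM or from this site) that splits package keys into name, pinned version and peer context, then lists packages that resolve more than once. It assumes the key syntax of lockfile format v6 and later; the function names and sample keys are constructed for illustration.

```javascript
// Assumption: lockfile v6+ key syntax, e.g. "react-dom@18.2.0(react@18.2.0)".
function parsePackageKey(key) {
  const path = key.startsWith('/') ? key.slice(1) : key; // v6 keys carry a leading "/"
  const parenAt = path.indexOf('(');
  const base = parenAt === -1 ? path : path.slice(0, parenAt);
  const suffix = parenAt === -1 ? '' : path.slice(parenAt);
  const at = base.lastIndexOf('@'); // a scoped name starts with "@", so take the last one
  if (at <= 0) throw new Error(`not a package key: ${key}`);
  return { name: base.slice(0, at), version: base.slice(at + 1), peers: splitPeers(suffix) };
}

// Split "(a@1)(b@2(c@3))" into top-level groups, keeping nested groups intact.
function splitPeers(suffix) {
  const peers = [];
  let depth = 0, start = 0;
  for (let i = 0; i < suffix.length; i++) {
    if (suffix[i] === '(') { if (depth === 0) start = i + 1; depth++; }
    else if (suffix[i] === ')') {
      depth--;
      if (depth < 0) throw new Error(`unbalanced peer suffix: ${suffix}`);
      if (depth === 0) peers.push(suffix.slice(start, i));
    }
  }
  if (depth !== 0) throw new Error(`unbalanced peer suffix: ${suffix}`);
  return peers;
}

// Report packages that resolve to more than one version or peer context.
function findDuplicates(keys) {
  const byName = new Map();
  for (const key of keys) {
    const { name, version, peers } = parsePackageKey(key);
    if (!byName.has(name)) byName.set(name, []);
    byName.get(name).push({ version, peers });
  }
  return [...byName].filter(([, entries]) => entries.length > 1).map(([name]) => name);
}

// Constructed sample keys, not taken from a real project.
const sampleKeys = [
  'react@17.0.2',
  'react@18.2.0',
  'react-dom@18.2.0(react@18.2.0)',
  '@scope/ui@1.4.0(react-dom@18.2.0(react@18.2.0))(react@18.2.0)',
  '/lodash@4.17.21',
];
console.log(findDuplicates(sampleKeys));
```

A package name that appears in the result is installed in more than one version or peer context, which is the kind of entry worth a closer look when a dependency update lands in review.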