Description
Creates or uses dependency lockfiles for reproducible build environments, helping builds use the same inputs over time. It is useful when developers need to rebuild software later and prove that the dependency set did not silently change.
Lockfiles can pin old or vulnerable dependencies if they are not maintained. Review them regularly and keep the source of dependency metadata trustworthy.