
I know I will be buried in these comments but PLEASE NO. Do NOT pin specific versions in your package.json unless you know you need to.

Instead DO USE package dependencies pinning as much as possible:

1. Commit and keep package-lock.json / yarn.lock files

2. Use the right commands in CIs (npm ci / yarn install --frozen-lockfile)

3. Teach others
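
An added example, not part of the comment above: a small CI guard for steps 1 and 2. It picks the lockfile-respecting install command for a project and flags CI script lines that install without it. The function names and the grep heuristic are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration: enforce "commit the lockfile, install from it in CI".

# Print the frozen install command for the lockfile found in directory $1.
# Returns 1 (and prints nothing on stdout) when no lockfile is present.
frozen_install_cmd() {
    dir=$1
    if [ -f "$dir/package-lock.json" ]; then
        echo "npm ci"
    elif [ -f "$dir/yarn.lock" ]; then
        echo "yarn install --frozen-lockfile"
    else
        echo "no package-lock.json or yarn.lock in $dir" >&2
        return 1
    fi
}

# Print the lines of CI script $1 (with line numbers) that run
# "npm install", "npm i" or "yarn install" without --frozen-lockfile.
# Heuristic text match only. Returns 0 when the file is clean, 1 otherwise.
unfrozen_installs() {
    file=$1
    pattern='(^|[^[:alnum:]])(npm[[:space:]]+(install|i)|yarn[[:space:]]+install)([[:space:]]|$)'
    hits=$(grep -nE "$pattern" "$file" | grep -v -e '--frozen-lockfile' || true)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Stand-alone use: sh lockfile-guard.sh <project-dir> <ci-script>
if [ "$#" -eq 2 ]; then
    frozen_install_cmd "$1" && unfrozen_installs "$2"
fi
```
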


