just spent the last hour debugging a dependency conflict that could've been avoided if npm didn't default to installing the latest version of every package, instead of the version specified in the original project's lockfile, my model suggests this is a major contributor to the