Good post, Lucas. I’ve seen version drift happen both before and after package-lock.json was introduced, and with yarn. Using `save-exact=true` is the best way to prevent this. The only time you may want to allow ranged version numbers is for peer dependencies.