Hey Daniel,
Totally 👍
I think you should pin by default; I wouldn't even provide some option to
disable it.
Something others have touched on, which I forgot to include, is that a library
can choose to not include the lock file in SCM. Especially if the lib uses a CI for
testing, that should bring up
> The big struggle I have is that if we go the other direction, and as a result
> people's semantic versions become poorly specified, we will never be able to
> recover. The converse is not true, if we start with this direction and
> realize it doesn't work, we can relax our behavior.
Forgot to