We've been seeing some issues with package.lock getting out of sync and it's caused some issues locally and in our release pipelines. adding the .nvm recently was a good first step and next we should lock down and specify the node and npm versions in the engines section of our package.json to help alleviate issues with dependency management being out of sync and version mismatches.