Lock vs Non-Lock Manifests
Most package managers support some form of version syntax when you include packages. This lets you tell the package manager which ranges of versions it may install automatically. For instance, you may wish to accept all minor version updates but not the next major version.

This works well until you are ready to release code and want to ensure you are using a known and tested version of a package. This is where lock files come into play. A lock file contains the exact package versions that were installed when the lock file was generated or updated.

For package managers that support them, SOOS recommends turning on the Use Lock File setting, found under Dependency Configurations, as it gives SOOS the most accurate version of the packages used in your codebase to scan against. Supported Languages and Files contains information about manifest formats and lock files.
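The following added example (not SOOS code) shows why a scanner gets one exact version from a lock file but several candidates from a manifest range, and checks that the locked version still falls inside that range. The npm-style `^` and `~` syntax, the package names, the simplified lock layout and the published-version list are all constructed assumptions.

```python
import json

# Constructed sample data: hypothetical package names, a simplified lock layout,
# and an assumed list of versions the registry offers at install time.
MANIFEST = json.loads('{"dependencies": {"left-lib": "^2.3.0", "right-lib": "~1.4.2"}}')
LOCKFILE = json.loads('{"left-lib": {"version": "2.3.1"}, "right-lib": {"version": "1.4.2"}}')
PUBLISHED = {
    "left-lib": ["2.2.9", "2.3.0", "2.3.1", "2.7.0", "3.0.0"],
    "right-lib": ["1.4.2", "1.4.9", "1.5.0"],
}


def parse(version):
    """Turn 'MAJOR.MINOR.PATCH' into a comparable tuple of ints."""
    return tuple(int(part) for part in version.split("."))


def satisfies(version, spec):
    """npm-style matching for plain x.y.z versions: ^ (caret), ~ (tilde) or exact."""
    v = parse(version)
    if spec.startswith("^"):
        base = parse(spec[1:])
        # Caret keeps the left-most non-zero component fixed.
        if base[0] > 0:
            upper = (base[0] + 1, 0, 0)
        elif base[1] > 0:
            upper = (0, base[1] + 1, 0)
        else:
            upper = (0, 0, base[2] + 1)
        return base <= v < upper
    if spec.startswith("~"):
        base = parse(spec[1:])
        return base <= v < (base[0], base[1] + 1, 0)
    return v == parse(spec)


def scan_inputs():
    """Per dependency: what the manifest range permits vs. what the lock file pins."""
    report = {}
    for name, spec in MANIFEST["dependencies"].items():
        locked = LOCKFILE[name]["version"]
        report[name] = {
            "manifest_allows": [v for v in PUBLISHED[name] if satisfies(v, spec)],
            "locked": locked,
            "lock_in_range": satisfies(locked, spec),  # False: lock no longer matches manifest
        }
    return report


if __name__ == "__main__":
    print(json.dumps(scan_inputs(), indent=2))
```

With only the manifest, a scan of `left-lib` has three possible versions to reason about; with the lock file it has exactly one.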