Maybe that's why every time I run npm i locally the package-lock.json file changes

It is better we could update docs here? https://github.com/apache/skywalking-booster-ui#development

It is better we could update docs here? https://github.com/apache/skywalking-booster-ui#development

What do you want to add?

npm ci is preferred in CI environment only while npm install is still preferred in local development, we don't bother to change developers experience, I have also updated the command in GHA to ensure the package.json and package-lock.json is in sync so no commit breaking that will be merged.

I want to discuss what is recommend when we run skywalking UI/backend build. The difference would make veraions in license file not match the binary.

I want to discuss what is recommend when we run skywalking UI/backend build. The difference would make veraions in license file not match the binary.

You don't understand how this is fixed.

This patch resolves the problem that package-lock.json doesn't lock some dependencies versions because they are missing in package-lock.json file. It also guarantees that this case won't happen again in the future by making sure the package-lock.json is in sync with package.json.

When developers build/install without any changes the versions are guaranteed by the lock file so no version is changed.

When developers upgrade any dependencies in local machine, they also have to make sure the two files are in sync otherwise the CI would fail.

I want to discuss what is recommend when we run skywalking UI/backend build. The difference would make veraions in license file not match the binary.

There is nothing changed in building the UI. Just keep everything every command the same as before.