I'm using a NX monorepo. For deployment of the single apps, I am calculating which npm packages are needed by the app to create a very specific package.json file. So it is always a part of the monorepo package.json.
As the app is build with the npm ci cmd (to get clean installations), I do need a package-lockfile.json. But my understanding of this lockfile is poor. Right now I'm just using the package-lockfile.json of the monorepo. Can this couse any problems? I think this lockfile has too much informations, as it has all dependencies of the complete monorepo. My specific package.json file uses only a part of the monorepo package.json file.