Generating lock file for individual package

We have a lerna monorepo which contains our packages and projects that use those packages.

We can deploy just using the package.json file in our project and that works fine (on Netlify), however we’d like to deploy the projects in a way where we know what the packages and dependencies will be when we deploy them - ie. with a lock file.

If we use the root lock file then we’re missing the dependencies from the project. If we use the package file in the project then we don’t get the benefit of the locked down packages.

If we generate a lock file (package-lock.json) for the project by using lerna exec -- npm install --package-lock then we get the locked files and can deploy fine, however we’ve had weird issues with dependencies happening that stop it working properly, plus releasing new packages means we need to re run lerna exec -- npm install --package-lock after a bump so the package lock is up to date!

Does anyone have any ideas, workflow suggestions or general tips to help out

Project structure is

packages/internal-package-1
packages/internal-package-2
packages/internal-package-3...
projects/app-1
projects/app-2
lerna.json
package.json
yarn.lock

We build the apps as part of the Netlify deployment. They are Create React Apps. Currently we’re running it with the package.json option with no lock file and that works, just with the downside of no locked packages.