Nested or conflicting transitive versions can duplicate packages or break semver assumptions. package-lock.json (or pnpm-lock.yaml) pins the resolved tree for reproducible installs. Interview angle: know the difference between dependencies and devDependencies, and know about security audits (npm audit).
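As an added example (not from the original page), this Node.js script walks the `packages` map of a package-lock.json and reports every package that the pinned tree resolves to more than one version, marking which copies are dev-only. The lockfile fragment, package names and integrity strings are constructed for illustration, and the helper names are hypothetical.

```javascript
// Constructed lockfile fragment in the lockfileVersion 3 layout (not a real project).
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-util": { version: "2.1.0", integrity: "sha512-CONSTRUCTED" },
    "node_modules/web-lib": { version: "4.0.0", integrity: "sha512-CONSTRUCTED" },
    "node_modules/web-lib/node_modules/left-util": { version: "1.9.3", integrity: "sha512-CONSTRUCTED" },
    "node_modules/@acme/test-kit": { version: "0.3.0", dev: true, integrity: "sha512-CONSTRUCTED" },
    "node_modules/@acme/test-kit/node_modules/left-util": { version: "2.1.0", dev: true, integrity: "sha512-CONSTRUCTED" },
  },
};

// The package name is the path segment after the last "node_modules/",
// unless the entry carries an explicit name (aliased installs).
function packageName(lockPath, entry) {
  if (entry.name) return entry.name;
  const marker = "node_modules/";
  return lockPath.slice(lockPath.lastIndexOf(marker) + marker.length);
}

// Returns { name: [{ version, path, dev }] } for every package that the
// pinned tree resolves to more than one distinct version.
function findDuplicateVersions(lock) {
  const byName = new Map();
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // skip the root project and workspace links
    const name = packageName(path, entry);
    if (!byName.has(name)) byName.set(name, []);
    byName.get(name).push({ version: entry.version, path, dev: Boolean(entry.dev) });
  }
  const duplicates = {};
  for (const [name, copies] of byName) {
    const versions = new Set(copies.map((c) => c.version));
    if (versions.size > 1) duplicates[name] = copies;
  }
  return duplicates;
}

console.log(JSON.stringify(findDuplicateVersions(sampleLock), null, 2));
```

A nested copy that is not dev-only ships with the application, so it needs the same audit attention as the top-level version.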