Using --prefer-offline for npm install is not best security practice

[smackfu]

🐞 Bug Report

Describe the bug

The npm install that is done in Step 5 uses the --prefer-offline flag to npm. While this is fast, it means your newly created project will have the same dependency versions as the last time you ran the generator, including any security issues. Best practice is to always use the current versions of packages when creating a new project. Otherwise you may start out with security vulnerabilities.

To Reproduce

Create a project using the template. The npm command will be run with --prefer-offline at the end.

Expected behavior

Either remove the flag or provide an option to not use it.

[oneamexbot]

🎉 This issue has been resolved in version 1.11.2 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀