Library version lock file like npm

I know the semantic version expression, and I know I can get both behaviors that I previously expressed with the actual implementation of PIO.

My issue is more about workflow, mindset and tidiness. I like the npm style since it clearly separates the update rules expressed by the developer (package.json) and the result of the computation of such rules (package-lock.json).

So I would ask if there are reasons to avoid this well-known style (except time and money for developing such features).