
Why is my yarn.lock file changing when running yarn install after incrementing version in package.json?


I have read through the documentation on yarn commands and yarn.lock, and I was led to believe that the whole point of a yarn.lock file was to use the version specified in that file.

What I was curious about was: when is the version specified in yarn.lock actually used? I manually changed the version of a package in package.json, and reran yarn install, and the yarn.lock file was updated to use the new version. I thought it would be locked, so that it didn't matter what new version was specified in package.json, as long as the yarn.lock specified a version for that package, it would use that older version.

If this is how yarn.lock is supposed to work, then why not just specify the EXACT version in package.json, instead of using the ~ or ^ in front of the version numbers. Right now I have to do this in order to not change the yarn.lock file when running yarn install anyway.

So when is the locked version actually being used/is this the correct way of using yarn.lock?


Solution

  • If you change the dependency version in the package.json, the lock file will be updated to reflect that. The purpose of the lock file is twofold. One, to allow you (and your peers) to use the dependency versions which you know will work and have been tested. And two, for dependency authors to specify which versions of your dependencies' dependencies to use. The goal is stability here.

    If you want to play around and see the purpose of the lock file, create your own npm module and push it to the npm registry with v1.0.0. Then in your project, add this module as a dependency with something like "myModule": "1.x.x". If you were to install your modules now, you would have "myModule v1.0.0", and your lock file would reflect this.

    Now update your module to v1.1.0, and install your modules again. At this point, if you didn't have a lock file, you would get "myModule v1.1.0", but because the lock file is like a snapshot of what your dependency tree should look like, you will stick with "myModule v1.0.0". Of course if you delete the lock file, a new one would be generated with "myModule v1.1.0". Likewise, updating your package.json would also update the lock file.
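The scenario in the answer above, reproduced as an added in-memory model (this is illustrative code, not yarn's implementation and not part of the original answer). It mirrors how yarn v1 keys each yarn.lock entry by the range as written in package.json (`name@range`) and records the concrete version resolved for it: an existing entry whose version still satisfies the declared range is reused even when newer versions exist, while an edited range has no entry and is resolved afresh. The `registry`, `myModule` and the semver subset (exact, `1.x.x`, `^`, `~`) are assumptions for the example. The `lockDrift` helper models the check a practitioner wants in CI: `yarn install --frozen-lockfile` fails when the install would need to change the lockfile, which turns an unexpected resolution (a silently edited range, a missing lock entry) into a build failure instead of a silently different dependency tree.

```javascript
// Added example: a small model of how yarn (v1) reconciles package.json ranges
// with yarn.lock entries. Not yarn's own code; names and registry are constructed.
// Assumptions: versions are plain "major.minor.patch"; supported range syntax is
// exact ("1.2.3"), x-ranges ("1.x.x", "1.2.x"), caret ("^1.2.3") and tilde ("~1.2.3").

function parseVersion(v) {
  const [major, minor, patch] = v.split('.').map(Number);
  return { major, minor, patch };
}

function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  return (pa.major - pb.major) || (pa.minor - pb.minor) || (pa.patch - pb.patch);
}

// Returns true when `version` falls inside `range` (simplified semver subset).
function satisfies(version, range) {
  const v = parseVersion(version);
  if (range.startsWith('^') || range.startsWith('~')) {
    const base = parseVersion(range.slice(1));
    if (compareVersions(version, range.slice(1)) < 0) return false;
    if (range.startsWith('~')) return v.major === base.major && v.minor === base.minor;
    // caret: same major, except ^0.y.z which is pinned to the minor
    return base.major > 0 ? v.major === base.major
                          : v.major === 0 && v.minor === base.minor;
  }
  const have = [v.major, v.minor, v.patch];
  return range.split('.').every((p, i) => p === 'x' || p === '*' || Number(p) === have[i]);
}

// `lock` mirrors yarn.lock: keyed by "name@range" exactly as written in
// package.json, each entry recording the concrete version resolved for that range.
function install(packageJson, lock, registry) {
  const newLock = {};
  const resolved = {};
  for (const [name, range] of Object.entries(packageJson.dependencies)) {
    const key = `${name}@${range}`;
    const entry = lock[key];
    if (entry && satisfies(entry.version, range)) {
      // The lock already answers "which version for this exact range": reuse it,
      // even if the registry now has newer versions inside the range.
      newLock[key] = { version: entry.version };
    } else {
      // No usable entry for this range (fresh install, lock deleted, or the
      // range in package.json was edited): resolve to the highest version in range.
      const candidates = (registry[name] || [])
        .filter((v) => satisfies(v, range))
        .sort(compareVersions);
      if (candidates.length === 0) {
        throw new Error(`no published version of ${name} satisfies ${range}`);
      }
      newLock[key] = { version: candidates[candidates.length - 1] };
    }
    resolved[name] = newLock[key].version;
  }
  return { resolved, lock: newLock };
}

// What `yarn install --frozen-lockfile` enforces in CI: the install must not
// need to change the lockfile. Returns the lock keys that would change.
function lockDrift(before, after) {
  const keys = new Set([...Object.keys(before), ...Object.keys(after)]);
  return [...keys].filter(
    (k) => !before[k] || !after[k] || before[k].version !== after[k].version
  );
}

// Walks through the answer's scenario against a constructed in-memory registry.
function runScenario() {
  const registry = { myModule: ['1.0.0'] }; // constructed sample registry
  const steps = {};

  // 1. First install against an empty lock: resolves 1.0.0 and records it.
  let pkg = { dependencies: { myModule: '1.x.x' } };
  const first = install(pkg, {}, registry);
  steps.firstInstall = first.resolved.myModule;

  // 2. Author publishes 1.1.0. Reinstall with the lock present: still 1.0.0.
  registry.myModule.push('1.1.0');
  const again = install(pkg, first.lock, registry);
  steps.withLock = again.resolved.myModule;
  steps.driftWithLock = lockDrift(first.lock, again.lock);

  // 3. Delete the lock: a fresh resolution picks up 1.1.0.
  steps.withoutLock = install(pkg, {}, registry).resolved.myModule;

  // 4. Edit the range in package.json: the old key no longer matches, so the
  //    lock entry is replaced and a frozen-lockfile install would fail.
  pkg = { dependencies: { myModule: '^1.1.0' } };
  const edited = install(pkg, first.lock, registry);
  steps.afterRangeChange = edited.resolved.myModule;
  steps.driftAfterRangeChange = lockDrift(first.lock, edited.lock);

  return steps;
}

console.log(runScenario());
```

The lookup key is the point of the whole thread: yarn does not ask "is there some locked version of myModule", it asks "is there a locked version for `myModule@<range as written>`". Changing the range in package.json changes the key, so the old entry is dropped and the range is resolved again, which is exactly the lockfile change the question observed.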