## Summary
- Update the `pr-push` command to never stage `package-lock.json` unless
`package.json` has also been modified
- If `package-lock.json` is dirty but `package.json` is not, the
lockfile changes are discarded via `git checkout`
- Prevents spurious lockfile diffs from polluting commits and PRs

## Test plan
- Run `/dyad:pr-push` with a dirty `package-lock.json` but no changes to
`package.json` — verify the lockfile is not committed
- Run `/dyad:pr-push` with both `package.json` and `package-lock.json`
modified — verify both are committed

#skip-bugbot

🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- devin-review-badge-begin -->

---

<a href="https://app.devin.ai/review/dyad-sh/dyad/pull/2585"
target="_blank">
  <picture>
<source media="(prefers-color-scheme: dark)"
srcset="https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1">
<img
src="https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1"
alt="Open with Devin">
  </picture>
</a>
<!-- devin-review-badge-end -->


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Update the pr-push command to skip staging package-lock.json unless
package.json also changed. Prevents spurious lockfile diffs from local
npm install and keeps commits and PRs clean.

<sup>Written for commit dce6ac590eb28b9b46857075ece299bc4528a715.
Summary will update on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>