The only downside I can see to auto-syncing after every change is that it’s not uncommon to want to chain commands together. Let’s say you want to remove package x from the manifest, and also update package y. The new version of package y requires package x version 1.2 or lower . Package x is currently locked at version 1.1. You run `rm package x`, `update package y`. The first command blows away your lockfile, and the second re-parses it, and woops, you’ve accidentally changed versions for package x, without meaning to or needing to. Hopefully you spot this change when you commit the lockfile, but…

Of course, a contrived example, but as your dependency tree gets bigger and more complex, the chances of such unintended consequences will steadily increase. Safer to defer to the developer as to when a state-change is warranted, imo.