Things move a little too quickly in the NPM ecosystem for my liking at times, modules updates can turn a working project into a broken build with a single
npm install; this is especially bad news if your Continuous Integration server is pulling your NPM dependencies with each build. Sometimes this can be the result of human error, other times it can be even more confusing leading to a lot of wasted effort in your team.
One way to bring order is to make use of
npm shrinkwrap which pins your project's
node_modules at fixed revisions ensuring that you get the exact same dependency graph each time you
npm install. One major benefit of this approach is that you can safely cache and re-use your node_modules folder between CI builds which should dramatically decrease your pull-request build times.
There are however a couple of downsides, the main one being that you can no longer just
npm install as NPM will not update
npm-shrinkwrap.json (so your teammates / CI server won't fetch it), instead you need to go through the following dance and then commit both
npm install --save my-dep npm dedupe npm shrinkwrap
You may wish to consider uber/npm-shrinkwrap which looks like it helps streamline the process somewhat.