I think the root of your problem is likely caching. NPM caches packages that have been downloaded, so they don’t have to be downloaded again, and they can even be re-installed offline if necessary. It also caches the resolved value for later use. If a package of the same version has already been resolved and … Read more
If you do in fact have a sub-dependency that is overly restrictive in what versions it will accept, you can override them using yarn. UPDATED EDIT: Yarn now, as of 1.0, officially supports the “resolutions” block. So the way to override resolutions is to just add a block like this to package.json: “resolutions”: { “package-a”: … Read more
The files have exactly the same content, but there are a handful of differences in how npm handles them, most of which are noted on the docs pages for package-lock.json and npm-shrinkwrap.json: package-lock.json is never published to npm, whereas npm-shrinkwrap is by default package-lock.json files that are not in the top-level package are ignored, but … Read more