npm shrinkwrap is useful, but maddening (once it's in place and you want to update a package).

Say you've got a package.json with module ember-cli as a devDependency currently at version 1.13.1. And you have an npm-shrinkwrap.json file too, generated with the --dev flag.

If you change the version of ember-cli to, say, 1.13.8 in package.json and run npm install, nothing will happen.

If you do that and manually change references in the shrinkwrap file, you will still have trouble (as nested dependencies may now be incorrect).

So what do we actually do?

1. rm npm-shrinkwrap.json

   This is not ideal, as you may theoretically get lots of new versions of unrelated packages' dependencies, but it seems to be necessary; otherwise, because your new version of ember-cli has itself updated the versions of its dependencies to versions incompatible with those your shrinkwrap, you are going to end up with invalid packages. And npm shrinkwrap will not abide.

   Hey, at least this is happening to you on development, not a production deploy.

2. Update your package.json so your package is the version you want, rm -rf node_modules/ember-cli, and then npm install. Or, run

   npm install --save-dev --save-exact ember-cli@1.13.8

   Note that without --save-exact your package.json will use the ^ caret matcher. (Although this may not matter thanks to shrinkwrap anyway…?)

   (If one of these approaches works better for you, let me know and I will update this gist.)

3. Finally, run

   npm shrinkwrap --dev

   This will recreate a new version of your shrinkwrap file.

   Note You may have to remove extraneous packages, because Shrinkwrap will yet at you if there are packages installed but not listed in package.json. For some reason, this means, for me, that I always seem to have to run rm -rf node_modules/npm-install-retry. ¯\_(ツ)_/¯