npm shrinkwrap is useful, but maddening (once it's in place and you want to update a package).

Say you've got a package.json with module ember-cli as a devDependency currently at version 1.13.1. And you have an npm-shrinkwrap.json file too, generated with the --dev flag.

If you change the version of ember-cli to, say, 1.13.8 in package.json and run npm install, nothing will happen.

If you do that and manually change references in the shrinkwrap file, you will still have trouble (as nested dependencies may now be incorrect).

So what do we actually do?

npm install --save-dev --save-exact ember-cli@1.13.8

Note that without --save-exact your package.json will use the ^ caret matcher. (Although this may not matter thanks to shrinkwrap anyway…?)

npm shrinkwrap --dev

This will update the shrinkwrap file.

Note You may have to remove extraneous packages, because Shrinkwrap will yet at you if there are packages installed but not listed in package.json. For some reason, this means, for me, that I always seem to have to run rm -rf node_modules/npm-install-retry. ¯\_(ツ)_/¯