Managing Node.js Dependencies with Shrinkwrap
by Dave Pacheco

Please refer to official npm documentation on shrinkwrap and/or lockfiles instead.

Managing dependencies is a fundamental problem in building complex software. The terrific success of GitHub and npm has made code reuse especially easy in the Node world, where packages don't exist in isolation but rather as nodes in a large graph. The software is constantly changing (releasing new versions), and each package has its own constraints about what other packages it requires to run (dependencies). npm keeps track of these constraints, and authors express what kind of changes are compatible using semantic versioning, allowing authors to specify that their package will work with even future versions of its dependencies as long as the semantic versions are assigned properly.

This does mean that when you "npm install" a package with dependencies, there's no guarantee that you'll get the same set of code now that you would have gotten an hour ago, or that you would get if you were to run it again an hour later. You may get a bunch of bug fixes now that weren't available an hour ago. This is great during development, where you want to keep up with changes upstream. It's not necessarily what you want for deployment, though, where you want to validate whatever bits you're actually shipping.

Put differently, it's understood that all software changes incur some risk, and it's critical to be able to manage this risk on your own terms. Taking that risk in development is good because by definition that's when you're incorporating and testing software changes. On the other hand, if you're shipping production software, you probably don't want to take this risk when cutting a release candidate (i.e. build time) or when you actually ship (i.e.
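The drift described above, and a release-time check against it, as an added example that is not code from the original article or from npm. It assumes a simplified semver subset (caret, tilde and exact versions only), a hypothetical package named "leftish", constructed registry snapshots, and a `locked` map that stands in for the per-package `version` and `integrity` fields of a lockfile.

```javascript
// Added example: constructed data, simplified semver (caret, tilde, exact; no prerelease tags).
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Exclusive upper bound of a range, following npm's caret and tilde rules.
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return `${maj}.${min + 1}.0`;
  if (maj > 0) return `${maj + 1}.0.0`;
  if (min > 0) return `0.${min + 1}.0`;
  return `0.0.${pat + 1}`;
}

function satisfies(version, range) {
  const op = /^[\^~]/.test(range) ? range[0] : '';
  const base = op ? range.slice(1) : range;
  if (!op) return cmp(version, base) === 0;
  return cmp(version, base) >= 0 && cmp(version, upperBound(op, parse(base))) < 0;
}

// What an install without a lockfile picks: the highest published version in range.
function resolve(range, published) {
  return published.filter((v) => satisfies(v, range)).sort(cmp).pop() ?? null;
}

// Release gate: every declared dependency must be locked, in range, and carry a hash.
function auditLock(declared, locked) {
  const problems = [];
  for (const [name, range] of Object.entries(declared)) {
    const entry = locked[name];
    if (!entry) problems.push(`${name}: not locked`);
    else if (!satisfies(entry.version, range)) problems.push(`${name}: ${entry.version} outside ${range}`);
    else if (!entry.integrity) problems.push(`${name}: no integrity hash`);
  }
  return problems;
}

// Constructed registry snapshots for the hypothetical package "leftish".
const anHourAgo = ['1.4.0', '1.4.1', '2.0.0'];
const now = [...anHourAgo, '1.5.0'];
console.log(resolve('^1.4.0', anHourAgo), '->', resolve('^1.4.0', now));
console.log(auditLock({ leftish: '^1.4.0', other: '~0.3.1' },
  { leftish: { version: '1.4.1', integrity: 'sha512-PLACEHOLDER' } }));
```

The same range resolves to two different versions an hour apart, while the locked entry stays fixed; the audit reports the dependency that has no locked entry.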