Lock Down Your Node Modules With NPM Shrinkwrap


11 thoughts on “Lock Down Your Node Modules With NPM Shrinkwrap”

  1. Hi @Pentacode, I tried to experiment with this, but the problem I faced is that the shrinkwrap gets updated or reset if you try to install a new dependency.
    You have installed express with some version 3.X.X, and this express requires its own dependency of 2.X.X.
    Now, I used shrinkwrap to change the version of the nested dependency to 3.X.X. It works after making the changes with npm i.
    But as soon as I install a new package like nodemon, etc., the shrinkwrap resets 3.X.X back to 2.X.X.
    Have you faced this issue?

  2. Will shrinkwrap freeze the entire dependency tree, or just my direct dependencies, or one or two levels only?
