The npm CLI uses the opt-in feature shrinkwrap to allow it’s users to lock down the exact versions of the dependencies installed into the node_modules folder. A lot of people think this is a useful thing, so dependency installs become repeatable.
Full article