How to fix npm shrinkwrap not working in locking down dependency


This is the scenario:

I have a package, say package-a, that depends on package-b. Version 2.0.0 of package-a depends on version 1.1.0 of package-b. I specified this dependency using the notation ^1.1.0. I generated the lock file and then the shrinkwrap. I then published package-a to the repository.

My understanding is that the above ensures that whenever version 2.0.0 of package-a is installed it will always use version 1.1.0 of package-b, even if there are newer versions of package-b.

This does not seem to be the case: when I bumped package-b to 1.2.0, then deleted package-a and re-installed it, I checked its node_modules and saw that it installed version 1.2.0 of package-b (instead of the 1.1.0 that is specified in the shrinkwrap file).

How do I fix this? How do I ensure that my package will always install what is found in the shrinkwrap file?

Or maybe I misunderstand how the npm shrinkwrap file should work? If so, I would appreciate an explanation of why what I did did not work, and pointers on how to make it work as I want.
