I've recently been given responsibility for an old Node.js app that's on node 8.9.4. The app has an npm-shrinkwrap.json file with specific versions defined for its direct and indirect dependencies.
However, when I do a fresh npm install (using npm version 6.0.1, which is what previous developers had specified in the build job), it looks like npm-shrinkwrap.json is being ignored and whatever is specified in the package.json of the dependencies (in some cases 'latest') is the version that's being installed. The app doesn't have a package-lock.json file.
Anyone seen this issue before?