All You Need To Know About shrinkwrap.json

UPDATE: Use yarn and yarn.lock instead! Way simpler and better!
Update, 15. July 2017: npm 5 included a package-lock.json, which is automatically generated after each npm install.
Syntax
$ npm shrinkwrap
This command locks down the versions of a package’s dependencies so that you can control exactly which versions of each dependency will be used when your package is installed. The package.json file is still required if you want to use npm install.
Okay. Let me ask this way —
Are you coming from Ruby? It’s basically like Gemfile.lock
Are you coming from PHP? It’s basically like composer.lock
Basically, we can control exactly which dependencies we use in our environment.
Allow me to demonstrate.



Alright, we have installed our dependencies; now let’s freeze them. Run this in the project directory:
npm shrinkwrap

There we go!
Now we have our dependencies frozen. But why should we care and why do we need this? I’ll tell you why :)
It’s extremely difficult to control the version numbers of your dependencies’ dependencies. For this reason, it’s a bright idea to run npm’s shrinkwrap feature to lock down the versions of the dependencies you are using once you have reached a mature point in development.
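To see what "frozen" means for dependencies of dependencies, here is an added example (not code from the original post) that walks the nested tree in a shrinkwrap file and reports anything that is not actually pinned. The sample package.json and shrinkwrap objects are constructed for illustration, and the function names flattenShrinkwrap and auditShrinkwrap are hypothetical.

```javascript
// Constructed sample data (not from the original post). The shape follows the
// nested npm-shrinkwrap.json tree: each entry has "version" and may nest "dependencies".
const samplePackageJson = {
  dependencies: { express: "^4.14.0", lodash: "^4.17.0" }
};
const sampleShrinkwrap = {
  name: "demo-app", version: "1.0.0",
  dependencies: {
    express: { version: "4.14.0", dependencies: {
      debug: { version: "2.2.0", dependencies: { ms: { version: "0.7.1" } } }
    } }
  }
};

// Exact x.y.z with an optional pre-release tag; ranges, tags and URLs do not match.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Walk the tree and return one record per pinned package, at any depth.
function flattenShrinkwrap(node, trail = []) {
  const pins = [];
  for (const [name, entry] of Object.entries(node.dependencies || {})) {
    const path = trail.concat(name);
    pins.push({ path: path.join(" > "), version: entry.version });
    pins.push(...flattenShrinkwrap(entry, path));
  }
  return pins;
}

// Report what the lock file does not actually lock.
function auditShrinkwrap(pkg, shrinkwrap) {
  const problems = [];
  const locked = shrinkwrap.dependencies || {};
  for (const name of Object.keys(pkg.dependencies || {})) {
    if (!Object.prototype.hasOwnProperty.call(locked, name)) {
      problems.push(`${name}: declared in package.json but not frozen`);
    }
  }
  for (const pin of flattenShrinkwrap(shrinkwrap)) {
    if (!EXACT_VERSION.test(String(pin.version))) {
      problems.push(`${pin.path}: "${pin.version}" is not an exact version`);
    }
  }
  return problems;
}

console.log(flattenShrinkwrap(sampleShrinkwrap), auditShrinkwrap(samplePackageJson, sampleShrinkwrap));
```

On real files, pass the parsed contents of package.json and npm-shrinkwrap.json instead of the sample objects.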
Updating our shrinkwrap.json
Simple to do. We just run the following in our terminal:
npm outdated && npm update

Since I don’t have any outdated packages currently, it will display nothing for me. (Which is good.)
Stay tuned, thanks for reading!