There have been a few different ways to download the latest version of a module using npm (and also with syntax in package.json). If I'm creating a new node project and I want to use a 3rd party module (that also uses 3rd party modules, and so on), how can I avoid the problem that 3rd party modules might be always getting the latest version of a dependency that could possibly break my application without any warning?
For example, if a module that I want to use has something like this in its package.json:
    "dependencies": {
        "dep1": "^1.1.1"
    }
It will always grab the latest version of dep1 when I install my app. There could be some code in the newer version that breaks my app. Is there a global way to prevent this from happening?
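The following is an added example, not part of the original question and not npm's own code: a small audit that lists every dependency spec in a package.json that is not an exact version and, for caret ranges such as `^1.1.1`, shows the version window npm will accept. The sample manifest is constructed, and `dep2`, `dep3` and `dep4` are hypothetical names.

```javascript
// Added example: flag dependency specs that can resolve to a newer release.
const EXACT = /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// For a caret range, return the exclusive upper bound npm applies:
// ^1.1.1 -> 2.0.0, ^0.2.3 -> 0.3.0, ^0.0.3 -> 0.0.4. Returns null otherwise.
function caretUpperBound(range) {
  const m = /^\^(\d+)\.(\d+)\.(\d+)$/.exec(range.trim());
  if (!m) return null;
  const [major, minor, patch] = m.slice(1).map(Number);
  if (major > 0) return `${major + 1}.0.0`;
  if (minor > 0) return `0.${minor + 1}.0`;
  return `0.0.${patch + 1}`;
}

// Return one finding per dependency whose spec is not an exact version.
function findFloatingRanges(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, range] of Object.entries(manifest[section] || {})) {
      const spec = range.trim();
      if (EXACT.test(spec)) continue; // pinned, nothing to report
      const upper = caretUpperBound(spec);
      const accepts = upper ? `>=${spec.slice(1)} <${upper}` : 'not an exact version';
      findings.push({ section, name, range: spec, accepts });
    }
  }
  return findings;
}

// Format the findings as one line each, for use in a CI step or pre-commit hook.
function report(manifest) {
  return findFloatingRanges(manifest).map(
    (f) => `${f.section}.${f.name}: "${f.range}" (${f.accepts})`
  );
}

// Constructed sample manifest (not taken from a real project).
const sample = {
  dependencies: { dep1: '^1.1.1', dep2: '2.0.3', dep3: '~0.4.0' },
  devDependencies: { dep4: '*' },
};

console.log(report(sample).join('\n'));
```

This only inspects the manifest it is given. The ranges declared by third-party modules live in their own package.json files, and the versions actually resolved for the whole tree are what a lockfile (package-lock.json or npm-shrinkwrap.json) records.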