Você deu uma olhada no shrinkwrap ? Permite-lhe:
...installs a package, and any packages that it depends on. If the package has a shrinkwrap file, the installation of dependencies will be driven by that. See npm-shrinkwrap(1).
e
Do segundo link;
Building shrinkwrapped packages To shrinkwrap an existing package:
Run "npm install" in the package root to install the current versions of all dependencies. Validate that the package works as expected with these versions. Run "npm shrinkwrap", add npm-shrinkwrap.json to git, and publish your package. To add or update a dependency in a shrinkwrapped package:
Run "npm install" in the package root to install the current versions of all dependencies. Add or update dependencies. "npm install" each new or updated package individually and then update package.json. Note that they must be explicitly named in order to be installed: running npm install with no arguments will merely reproduce the existing shrinkwrap. Validate that the package works as expected with the new dependencies. Run "npm shrinkwrap", commit the new npm-shrinkwrap.json, and publish your package.