npm-shrinkwrap.json causing issues with internal npm registry #6037

@sylvio

The latest version of pm2 (6.0.11) now includes npm-shrinkwrap.json. I understand this was done to prevent the installation of a compromised debug package, but it is preventing us from installing it in our company setup, as we have an internal instance of the npm registry due to security issues, including the ones from last week that included the debug package.

I wish there was a better solution, something in the .npmrc file, for example, but until then, having npm-shrinkwrap will prevent us from updating. Can you please reconsider this decision?

In some edge cases npm-shrinkwrap.json may even lock in a compromised version of a package.
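
One way to audit a shrinkwrap file for the two concerns raised above (a pinned version that is known to be bad, and entries whose `resolved` URL points outside an internal registry), as an added example that is not part of the original issue or of pm2's code. The registry host, the denylist and the sample lockfile are constructed for illustration, and the lockfileVersion 2/3 `packages` layout is assumed.

```javascript
// Added example (not pm2 code). Host, denylist and lockfile are constructed.
const INTERNAL_HOST = "npm.internal.example";           // hypothetical internal registry
const DENYLIST = new Map([["example-dep", ["9.9.9"]]]); // hypothetical bad versions

const sampleLock = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/example-dep": { version: "9.9.9",
      resolved: "https://registry.npmjs.org/example-dep/-/example-dep-9.9.9.tgz" },
    "node_modules/@scope/ok": { version: "1.2.3",
      resolved: "https://npm.internal.example/@scope/ok/-/ok-1.2.3.tgz" },
    "node_modules/example-dep/node_modules/nested": { version: "0.1.0",
      resolved: "https://registry.npmjs.org/nested/-/nested-0.1.0.tgz" },
  },
};

// Package name = text after the last "node_modules/" in the packages key
// (covers nested and scoped packages); fall back to the key itself.
function packageName(path, entry) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return entry.name || (idx < 0 ? path : path.slice(idx + marker.length));
}

// Returns one finding per denylisted pin and per entry resolved off-registry.
function auditShrinkwrap(lock, allowedHost, denylist) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = packageName(path, entry);
    const version = entry.version;
    if ((denylist.get(name) || []).includes(version)) {
      findings.push({ name, version, issue: "denylisted-version" });
    }
    if (entry.resolved) {
      let host = null;
      try { host = new URL(entry.resolved).host; } catch (e) { /* unparsable URL */ }
      if (host !== allowedHost) {
        findings.push({ name, version, issue: "outside-registry", host });
      }
    }
  }
  return findings;
}

console.log(auditShrinkwrap(sampleLock, INTERNAL_HOST, DENYLIST));
```
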
