Tuesday, March 07, 2017

npm3 Shenanigans

I'm beginning to see why people hate npm. Both npm-shrinkwrap and npm3's dependency deduping are terrible ideas.

npm-shrinkwrap is meant to solve a problem caused by programmers using semver incorrectly when specifying dependency versions; it thereby encourages programmers to keep using semver incorrectly, putting an ever-expanding band-aid on the symptom rather than fixing the actual problem.

npm3's dependency resolution fixes a problem that npm never had, with a poorly designed feature that is way outside of npm's scope. Instead of including all sub-dependencies with the package that requires them, like npm2 did, npm3 attempts to merge the dependency trees. This means that the resulting dependency tree differs depending on install order. "Does this matter? No!" says the documentation; except it totally does:

1) Some problematic package installs become intermittent.
2) The size of the install is sort of arbitrary.
3) Don't tell me you've never edited a source file in node_modules for debugging purposes; now those edits will (maybe/sometimes) affect every sub-dependency that also uses the same module, making it that much harder to debug.

Luckily, npm3 still allows you to specify --legacy-bundling to avoid automatic deduping entirely. Keeping my fingers crossed that they will keep this option indefinitely. As for npm-shrinkwrap, just don't use it! If a dependency doesn't use semver correctly, either don't use that dependency, file a critical bug, or fork it and fix it yourself.
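To make the order-dependence concrete, here is an added toy model (not npm's own code) of how npm3-style hoisting places packages, next to the npm2-style nesting that --legacy-bundling restores. The registry (packages a, b and d depending on two versions of c) and the placement rule are constructed simplifications: a package is hoisted to the highest node_modules folder that holds no other version of it and where it would not shadow a copy some package below declares. Running the same three packages in two install orders shows a different tree and a different number of copies of c under hoisting, and an identical tree under legacy bundling; `resolutions()` then shows which packages end up sharing one on-disk copy, which is exactly the case where a debugging edit in node_modules leaks into other dependents.

```javascript
// Added example (not npm's own code): a toy model of npm3-style hoisting versus the
// npm2-style nesting that npm3's --legacy-bundling restores. REGISTRY and the
// placement rule are constructed simplifications for illustration.

// Constructed registry: "name@version" -> dependencies as name -> exact version.
const REGISTRY = {
  'a@1.0.0': { c: '1.0.0' },
  'b@1.0.0': { c: '2.0.0' },
  'd@1.0.0': { c: '2.0.0' },
  'c@1.0.0': {},
  'c@2.0.0': {},
};

// One installed copy of a package; `children` models its node_modules folder.
function newNode(name, version, path, deps) {
  return { name, version, path, deps, children: new Map() };
}

function depsOf(node) {
  return node.deps || REGISTRY[`${node.name}@${node.version}`] || {};
}

// Pick a node_modules folder for name@version, requested by the last node of
// `chain` (root first). hoist=true: the highest folder holding no other version
// of `name`, provided no package on the path below it declares a different
// version (that package's copy would be shadowed). hoist=false: the requester's
// own folder, always. Returns the satisfying node, its own ancestor chain, and
// whether a new copy was created.
function place(chain, name, version, hoist) {
  for (let i = hoist ? 0 : chain.length - 1; i < chain.length; i++) {
    const folder = chain[i];
    const existing = folder.children.get(name);
    if (existing && existing.version === version) {
      return { node: existing, chain: [...chain.slice(0, i + 1), existing], created: false };
    }
    if (existing) continue; // a conflicting version already lives here
    const shadows = chain.slice(i).some((n) => {
      const declared = depsOf(n)[name];
      return declared !== undefined && declared !== version;
    });
    if (shadows) continue;
    const path = `${folder.path}${folder.path ? '/' : ''}node_modules/${name}@${version}`;
    const node = newNode(name, version, path);
    folder.children.set(name, node);
    return { node, chain: [...chain.slice(0, i + 1), node], created: true };
  }
  throw new Error(`cannot place ${name}@${version}`);
}

// Build the tree for top-level installs given as "name@version", in that order.
// Breadth-first: a package's own dependencies are placed before anything below
// it gets the chance to hoist into its node_modules folder.
function buildTree(installOrder, { hoist }) {
  const rootDeps = Object.fromEntries(installOrder.map((s) => s.split('@')));
  const root = newNode('<root>', null, '', rootDeps);
  const queue = [[root]]; // chains whose last node still needs its dependencies placed
  while (queue.length) {
    const chain = queue.shift();
    for (const [name, version] of Object.entries(depsOf(chain[chain.length - 1]))) {
      const placed = place(chain, name, version, hoist);
      if (placed.created) queue.push(placed.chain);
    }
  }
  return root;
}

// Sorted on-disk paths, e.g. "node_modules/b@1.0.0/node_modules/c@2.0.0".
function layout(root) {
  const out = [];
  (function walk(node) {
    for (const child of node.children.values()) { out.push(child.path); walk(child); }
  })(root);
  return out.sort();
}

// Which copy each installed package gets when it require()s a dependency,
// following Node's lookup: its own node_modules first, then each ancestor's.
function resolutions(root) {
  const out = {};
  (function walk(chain) {
    const node = chain[chain.length - 1];
    for (const dep of Object.keys(depsOf(node))) {
      for (let i = chain.length - 1; i >= 0; i--) {
        const hit = chain[i].children.get(dep);
        if (hit) {
          out[node.path] = out[node.path] || {};
          out[node.path][dep] = hit.path;
          break;
        }
      }
    }
    for (const child of node.children.values()) walk([...chain, child]);
  })([root]);
  return out;
}

// Demo: same packages, two install orders, hoisted versus legacy bundling.
for (const order of [['a@1.0.0', 'b@1.0.0', 'd@1.0.0'], ['b@1.0.0', 'a@1.0.0', 'd@1.0.0']]) {
  console.log('hoisted', order.join(' '), layout(buildTree(order, { hoist: true })));
  console.log('legacy ', order.join(' '), layout(buildTree(order, { hoist: false })));
}
```

With a installed first, c@1.0.0 wins the root slot and b and d each get a private nested c@2.0.0 (three copies of c); with b first, c@2.0.0 takes the root slot, only a nests a copy, and b and d resolve to the same file on disk (two copies). Legacy bundling yields the same nested tree in both orders.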
