node.js - npm nested dependency not latest version -

in node.js project, have dependency gulp has dependency vinyl-fs has dependency glob-watcher has dependency gaze. glob-watcher version 0.0.6 has gaze dependency set ^0.5.1.

according this post ^ (caret) means latest minor version accepted. expect glob-watcher install latest minor version of gaze, (at time of writing) 0.6.4. doesn't, 0.5.1 installed.

question: why? how fix this?

i have tried adding following npm-shrinkwrap.json project root , running rm -rf node_modules/ && npm install:

{   "name": "myproject",   "version": "0.0.1",   "dependencies": {     "gulp": {       "version": "3.8.11",       "from": "gulp@~3.8.10",       "dependencies": {         "vinyl-fs": {           "version": "0.3.13",           "from": "vinyl-fs@^0.3.0",           "dependencies": {             "glob-watcher": {               "version": "0.0.6",               "from": "glob-watcher@^0.0.6",               "dependencies": {                 "gaze": {                   "version": "0.6.4",                   "from": "gaze@^0.5.1"                 }               }             }           }         }       }     }   } } 

that did make version of gaze wanted installed, unfortunately configuration results in 4 dependencies being installed. specify entire dependency tree fix that, undesirable, because i'd override 1 package. (but doesn't seem overriding should necessary, according purported behavior of ^.)

obviously write shell script cd dependency , manually npm install version want, i'd rather "right" way, if there one.

any appreciated.

why?

pretty simple: latest version of gaze has not been npm published yet, , still on version 0.5.1 on npm repo

how fix this?

you kinda scr***. solution use npm install [githubtarball] --save don't want manually edit package.json of dependency, , ton want fork glob-watcher, vinyl-fs , gulp.

edit: maybe using url https://github.com/shama/gaze/tarball/v0.6.4 in shrinkwrap work.