Recently, npm released the npm audit command. It runs automatically when you npm i, letting you know of any vulnerabilities. I have a simple dependency tree, something like this:
package A
package B
    package B dependency
package C
My package.json includes A, B, and C in the dependencies field. B is requiring its own dependency, which npm warns has vulnerabilities. My question is, how can I override the package B dependency version so as to use the latest version? I've read around that this is either the job for shrinkwrap.json or manually editing package-lock.json but I can't find any concrete examples showing how to do it.
I did see that Yarn supports a resolutions field in package.json, but I'm not using Yarn. Is there a way to accomplish this with npm out of the box?