Is it possible to lock global packages to a specific version? For example if I do:
$ npm install -g some-awesome-package@1.7.0
if some-awesome-package@1.7.1 exists, can I prevent npm from ever updating this specific package?
There may be a way to do this through the npm CLI, but I can't find it. There doesn't seem to be a npm shrinkwrap for global packages, either.
I thought it might be possible using npm link (which creates a symlink from a local package to the global folder), but running npm install -g somepackage@foo after npm link, does overwrite the previously installed global package.
One (very hacky) way to force npm to fail when it tries to overwrite your globally installed package is to remove write permissions for the folder (for the user account that runs npm) with something like this chmod -w /usr/local/lib/node_modules/<some package>.
Once you do that, then npm can't install/update that global package because it doesn't have write access. I can't say I recommend going down that road, though.
The answer appears to be no. I opened this issue but it got closed. It's hard to imagine that I'm the only person with this use case though.