can't believe how many package authors just leave their dependencies as devDependencies without specifying the exact version of each - it makes it impossible to reproduce the exact environment for testing