The logic in tools/meteor_npm.js does nothing if the top-level npm dependencies in your local tree match the dependencies declared with Npm.depends. So a commit like 0a4663b will not cause a re-install.
There were two separate issues here:
- npm-shrinkwrap.json wasn't actually being used as part of the
watchset/buildinfo, so changes to it might not cause the package to
be considered for rebuilding
- meteor-npm only compared top-level changes when deciding whether to
update, not all changes