npm duplicates dependency unnecessarily

[gzip]

For some reason npm isn't satisfied with the top level dependency even though it meets the requirements of the child package. I've created a test package to demonstrate the issue. This is a fresh install from the root.

$ npm -v
1.2.32

$ npm ls async
foo@0.0.0
├── async@0.2.10     <-------- This should be good
└─┬ yahoo-arrow@0.3.3
  ├── async@0.2.9     <-------- Why does it duplicate?
  ├─┬ istanbul@0.1.25
  │ ├── async@0.1.22 
  │ └─┬ handlebars@1.0.12
  │   └─┬ uglify-js@2.3.6
  │     └── async@0.2.9 
  └─┬ log4js@0.5.1
    └── async@0.1.15 

$ ack dep -A 3 package.json 
  "dependencies": {
    "async": "~0.2.0",
    "yahoo-arrow": "0.3.3"
  },

$ ack '"async"' node_modules/yahoo-arrow/package.json 
    "async": "~0.2.5",

[rlidwka]

yahoo-arrow has npm-shrinkwrap.json file in it, so npm follows it and install exact versions.

[gzip]

Ah, of course. Not the first time shrinkwrap has surprised me. Thanks.