Probably will need to use https://npmjs.org/package/canonical-json too.
To clarify why this is desired:
Currently, our npm cache is based on the content of package.json, which has intentionally inexact version specs. This means that it's not guaranteed what exact package versions are in the cached copy (e.g. with "foobar": "~0.1.0", Travis could be using either v0.1.1 or v0.1.2, depending on when the cache last happened to have been cleared). If we want to update the cache, we have to modify package.json (when it is arguably unnecessary to do so) or manually purge the cache. This is particularly relevant for indirect/transitive dependencies.
Using npm shrinkwrap means that the versions will be explicitly locked down.
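
An illustration of the cache-key idea discussed above, added here and not part of the original comment or the project's code: the key is a SHA-256 over a key-sorted serialization of the shrinkwrap data, so it changes when a locked version changes but not when keys are merely reordered. The `canonicalize` helper is a minimal stand-in for the canonical-json package, and the function names and sample manifests are constructed for the example.

```javascript
const crypto = require('crypto');

// Minimal stand-in for a canonical JSON serializer (assumption: input is
// plain JSON data as parsed from disk). Object keys are sorted recursively
// so that key order never affects the output.
function canonicalize(value) {
  if (Array.isArray(value)) {
    return '[' + value.map(canonicalize).join(',') + ']';
  }
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k]))
      .join(',') + '}';
  }
  return JSON.stringify(value);
}

// Hypothetical helper: derive the cache key from the canonical form.
function cacheKey(manifest) {
  return crypto.createHash('sha256').update(canonicalize(manifest)).digest('hex');
}

// Constructed sample data. package.json carries only a range, so its hash is
// identical whether 0.1.1 or 0.1.2 ended up in the cache.
const packageJson = { name: 'app', dependencies: { foobar: '~0.1.0' } };

// Shrinkwrap-style data pins the resolved version, including transitive ones.
const shrinkwrapA = {
  name: 'app',
  dependencies: {
    foobar: { version: '0.1.1', dependencies: { baz: { version: '2.0.0' } } },
  },
};
const shrinkwrapB = {
  name: 'app',
  dependencies: {
    foobar: { version: '0.1.2', dependencies: { baz: { version: '2.0.0' } } },
  },
};
// Same content as shrinkwrapA, keys in a different order.
const shrinkwrapAReordered = {
  dependencies: {
    foobar: { dependencies: { baz: { version: '2.0.0' } }, version: '0.1.1' },
  },
  name: 'app',
};

console.log('package.json key :', cacheKey(packageJson));
console.log('shrinkwrap A key :', cacheKey(shrinkwrapA));
console.log('shrinkwrap B key :', cacheKey(shrinkwrapB));
console.log('A reordered key  :', cacheKey(shrinkwrapAReordered));
```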