Do you install your private node modules as below?

// package.json

"dependencies": {
  "private-module": "git+ssh://git@github.com:private-module.git#v5.5.5"
}

If yes, chances are when you upgrade the package version to #v5.5.6, and do npm install, your package-lock.json wont be updated and neither the actual files inside node_modules. To ensure the update, I am having to manually update the package-lock file. Has anyone faced this?