Convert from lockdown to npm shrinkwrap

[pdehaan]

We use npm shrinkwrap in most of our newer repos (ie: FxA stuff, FMD, etc). Not sure if we should still cling to lockdown here for historical nostalgia, or if we should switch to npm shrinkwrap for consistency.

Discuss.

[djc]

Does this mean the shrinkwrap shortcomings (per the lockdown README) have been resolved?

[callahad]

Whoops, the mass-closing script misfired. Reopening.

Shrinkwrap's issues have not been completely solved, but the npm registry now prohibits re-use or modification of version numbers, which is roughly equivalent to what lockdown was trying to solve. We'd be exposing ourselves to potential compromise by the operators of the npm registry itself (or a bug in the registry), but we'd be gaining a better-maintained and easier to use tool.

FxA has switched to shrinkwrap, for example.