While working on https://github.com/node-red/node-red-node-test-helper/pull/69 I noted that all dependencies for node-red-node-test-helper are declared with specific versions.
This means that downstream projects must use these exact versions of these dependencies, which becomes a problem when there is a CVE affecting one (semver, for example), as an upstream update is required before any downstream project can use a version with a fix.
Adding the compatible flag will allow downstream projects to use versions compatible with the version declared in this project's package.json.