This repository has been archived by the owner on Apr 16, 2022. It is now read-only.
Apparently, the CircleCI build system is currently creating a cache of the node_modules folder that contains this project's dependencies, as installed by npm; I believe that this is great as it reduces build time considerably; however, the cache's validity is controlled via a checksum of the package.json file, as depicted by the cache key's value (dependency-cache-{{ checksum "package.json" }}) of the .circleci/config.yml file.
This solution is very nice for when dependencies are added or removed from the project; however, it may silently fail and lead to an erroneous build due to npm's dependency resolution mechanism, whenever a new version of a dependency or a sub-dependency is deployed to npm that matches the package's semver. Therefore, perhaps a better solution would be to control the dependency cache's validity via checksumming the npm-shrinkwrap.json file, which can be generated using npm shrinkwrap.
If we are OK with using npm 5, could we use package-lock.json?
This does not force consumers to use npm 5, so should be fine as long as all contributors are on that version.
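The cache-key change discussed in this thread, as an added example that is not taken from the repository's own .circleci/config.yml. The job name, Docker image and step names are assumptions; only the dependency-cache-{{ checksum "package.json" }} key comes from the issue.

```yaml
# Constructed CircleCI 2.0 config for illustration; not the project's file.
version: 2
jobs:
  build:                          # assumed job name
    docker:
      - image: circleci/node:8    # assumed image; Node 8 bundles npm 5
    steps:
      - checkout

      # Before (key quoted in the issue): the key only changes when
      # package.json is edited, so a cached node_modules keeps being
      # restored even after a semver-compatible release of a dependency
      # or sub-dependency changes what a clean install would resolve.
      #
      # - restore_cache:
      #     key: dependency-cache-{{ checksum "package.json" }}

      # After: key the cache on the committed lockfile, which records the
      # exact resolved version of every dependency and sub-dependency.
      # Any change to the resolved tree changes the checksum and
      # therefore invalidates the cache.
      - restore_cache:
          key: dependency-cache-{{ checksum "package-lock.json" }}

      - run:
          name: Install dependencies
          command: npm install

      - save_cache:
          key: dependency-cache-{{ checksum "package-lock.json" }}
          paths:
            - node_modules

      - run:
          name: Run tests
          command: npm test
```

If the project commits npm-shrinkwrap.json instead, as the issue proposes, use that filename in both checksum expressions. Either file must be checked in, otherwise the checksum has nothing to hash at restore time.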