Strategy for being up-to-date with external libraries

Updates within a major version should always be backward compatible though, so I wouldn’t worry about that. Personally, when including a module with npm I’d always leave the package.json entry as is, so that everyone working on the project simply has the latest version.
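
What a default `^` entry in package.json accepts, as an added example that is not part of the original post: a minimal caret-range check following npm's semver rules for plain MAJOR.MINOR.PATCH versions, including the narrower ranges npm applies to 0.x versions. The package names and version lists are constructed for illustration, and prerelease tags and other range operators are out of scope.

```javascript
// Parse "MAJOR.MINOR.PATCH" into numbers; prerelease/build tags are out of scope here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Three-way comparison of two parsed versions.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of a caret range: bump the left-most non-zero component.
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// Does the package.json entry `spec` accept the published version `candidate`?
function allowed(spec, candidate) {
  const c = parseVersion(candidate);
  if (!spec.startsWith('^')) return compare(parseVersion(spec), c) === 0; // exact pin
  const lower = parseVersion(spec.slice(1));
  return compare(c, lower) >= 0 && compare(c, caretUpperBound(lower)) < 0;
}

// Constructed sample: package names and versions are made up for illustration.
const dependencies = { 'example-lib': '^1.4.2', 'young-lib': '^0.3.1', 'pinned-lib': '2.0.5' };
const published = {
  'example-lib': ['1.4.2', '1.9.0', '2.0.0'],
  'young-lib': ['0.3.1', '0.3.9', '0.4.0'],
  'pinned-lib': ['2.0.5', '2.0.6'],
};

// For each dependency, list which published versions the package.json entry accepts.
function acceptedVersions(deps, registry) {
  const out = {};
  for (const [name, spec] of Object.entries(deps)) {
    out[name] = registry[name].filter((v) => allowed(spec, v));
  }
  return out;
}

console.log(acceptedVersions(dependencies, published));
```

When a package-lock.json is committed, `npm ci` installs the locked versions instead of re-resolving these ranges.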