From ee4d1bad7f700b95defecfe042977c392667f2a4 Mon Sep 17 00:00:00 2001 From: Mick Thompson Date: Mon, 16 Jun 2014 10:34:06 -0700 Subject: Remove concerns of package republishing from shrinkwrap docs Republishing packages is no longer possible. --- doc/cli/npm-shrinkwrap.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/doc/cli/npm-shrinkwrap.md b/doc/cli/npm-shrinkwrap.md index 70f330be8..05637f21d 100644 --- a/doc/cli/npm-shrinkwrap.md +++ b/doc/cli/npm-shrinkwrap.md @@ -163,15 +163,6 @@ shrinkwrap will implicitly be included in A's shrinkwrap. ### Caveats -Shrinkwrap files only lock down package versions, not actual package -contents. While discouraged, a package author can republish an -existing version of a package, causing shrinkwrapped packages using -that version to pick up different code than they were before. If you -want to avoid any risk that a byzantine author replaces a package -you're using with code that breaks your application, you could modify -the shrinkwrap file to use git URL references rather than version -numbers so that npm always fetches all packages from git. - If you wish to lock down the specific bytes included in a package, for example to have 100% confidence in being able to reproduce a deployment or build, then you ought to check your dependencies into -- cgit v1.2.3
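Review bot: The hunk drops more than the republishing concern it targets. The first sentence of the removed paragraph, "Shrinkwrap files only lock down package versions, not actual package contents.", does not depend on republishing being possible and is the premise that the surviving paragraph ("If you wish to lock down the specific bytes included in a package ...") builds on; with it gone, the Caveats section opens mid-argument and the reader is never told that a version pin says nothing about content integrity. Suggest keeping that one sentence (or a short equivalent) at the top of the section and deleting only the republishing and git-URL advice, which is what the commit message justifies. It would also help to point the commit message at the registry policy that now makes republishing impossible, since the doc change rests entirely on that claim.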