Rewrite npm's lockfile/shrinkwrap to ensure secure registry urls are being used
$ npx rewrite-lockfile <path>
In order to automatically rewrite lockfile on every installation, install it as dev dependency:
$ npm install --save-dev rewrite-lockfile
and add following script to your package.json:
{
"scripts": {
"postshrinkwrap": "rewrite-lockfile package-lock.json"
}
}