This is a secondary reason for what I'll do for production code: grab the CPAN tarball, and make it immutable in my build environment (whether that is check it in to version control or whatever). I don't have to worry about the upstream author breaking my code with an API change in a new version - I'll always use the old one. Until I'm ready to go through the upgrade/test cycle, where I do the upgrades on a single test machine, run the unit tests, and make any required changes to my code to compensate. The module are all installed from the immutable location exactly the way I need it, every single time.
Sounds like npm doesn't really allow that to work? I'm not sure, my experience with npm is quite limited.