a.k.a., "put an end to self-trolling."

This is a very common experience when working on teams of size larger than one:

• The team has decided to .gitignore their node_modules.
• Team Member A updates foo, e.g. npm install foo --save.
• Team Member A commits the resulting package.json and pushes to Git.
• Team Member B finishes all their work on their current feature, and is ready to rebase.
• They do so, but, now all the tests are failing! Or perhaps they aren't failing, but the app is acting weird.
• After a half-hour of sadness and frustrating debugging, Team Member B finally figures out they forgot to run npm install to pick up the latest changes.

Proposal: before any operations involving npm, including e.g. npm test, npm checks to see if all versions match the ones declared in package.json.

Complexities:

• Ideally this should be multi-level, i.e. recursing and doing semver matches.
• If a shrinkwrap file is present, this should be able to do exact version matching against the shrinkwrap file at every level in the tree.
• It's unclear how much overlap there is between this code and the validation npm ls already performs. I suspect npm ls code does not deal with shrinkwrap well, and is not as fast as it could be (e.g. I think it does normalization). But it might be a start.

The minimum viable version of this for Ember is fixing #5083 plus making this work for shrinkwrap.

/cc @stefanpenner