Node packages love to use caret versioning. read-pkg-up@"^7.0.1" means that this package requires at least 7.0.1 but less than version 8. This is great in a sense because it means we can get bugfixes for the same major version, without requiring us to chase down each package maintainer to update the requirements file. But let's look at a certain dependency chain:

    semver@5.7.1
    node_modules/normalize-package-data/node_modules/semver
      semver@"2 || 3 || 4 || 5" from normalize-package-data@2.5....
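The two ranges quoted above, worked through as an added example (not code from the original post, and not the node-semver implementation): a simplified matcher that shows which releases a caret range and a `||` union of major versions will admit. The function names and the candidate version list are assumptions constructed for illustration; only plain x.y.z versions are handled.

```javascript
// Simplified range matcher for plain x.y.z versions (assumption: no
// prerelease tags, tilde, hyphen or comparator ranges). Not node-semver.
function parse(v) {
  const s = v.trim();
  if (!/^\d+(\.\d+){0,2}$/.test(s)) throw new Error(`unsupported version: ${v}`);
  return s.split(".").map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Turn one term ("^7.0.1", "5", "5.7") into a half-open interval [low, high).
function bounds(term) {
  const t = term.trim();
  const caret = t.startsWith("^");
  const given = parse(caret ? t.slice(1) : t);
  const low = [given[0], given[1] || 0, given[2] || 0];
  // A partial version may vary in everything after its last stated part;
  // a caret may vary in everything after its leftmost non-zero part.
  let bump = given.length - 1;
  if (caret) {
    const firstNonZero = low.findIndex((n) => n !== 0);
    if (firstNonZero !== -1) bump = firstNonZero;
  }
  const high = low.map((n, k) => (k < bump ? n : k === bump ? n + 1 : 0));
  return { low, high };
}

// A range is a union of terms separated by "||".
function satisfies(version, range) {
  const v = parse(version);
  if (v.length !== 3) throw new Error(`need a full x.y.z version: ${version}`);
  return range.split("||").some((term) => {
    const { low, high } = bounds(term);
    return compare(v, low) >= 0 && compare(v, high) < 0;
  });
}

function allowed(range, candidates) {
  return candidates.filter((v) => satisfies(v, range));
}

// Constructed candidate list, not a real registry listing.
const candidates = ["4.3.6", "5.7.1", "6.3.0", "7.0.1", "7.5.2", "8.0.0"];
console.log(allowed("^7.0.1", candidates));           // [ '7.0.1', '7.5.2' ]
console.log(allowed("2 || 3 || 4 || 5", candidates)); // [ '4.3.6', '5.7.1' ]
```

The second range never admits a 6.x or later release, so the nested copy of semver stays on an older major regardless of what the top-level project installs.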