It's not related to RN but you touched on something with NPM that made me realise that, for some reason, I never trusted its `update` command. If I wanted to update a specific dependency to a new version I would take the `apt` approach and just install it again, or tweak the version number directly.

Contrast this to how I've approached it in, say, Ruby...I'm very confident in blindly running `bundle update` and checking the diff to see the result.