I changed the name of a package I was working on and so I reran npm shrinkwrap. I didn't change any of the fields for the other dependencies.
I noticed something odd where npm shrinkwrap changed the "from" property for the pg package from:
"from": "pg@>=4.0.0 <5.0.0",
to
"from": "https://registry.npmjs.org/pg/-/pg-4.5.6.tgz",
and was curious as to why that happened.
Found this thread which explains it: https://github.com/npm/npm/issues/9550
In summary, it has to do with if you delete node_modules after the first time you ran shrinkwrap, and then run shrinkwrap again. The package.json files for the individual libraries (upon which the npm-shrinkwrap.json file gets built) get constructed differently once a shrinkwrap file is in place.