What are "best practices" for a Package.js file?

What are the standards for keeping a Package.js file healthy ?

  • Version numbers should be specified for each external (colon ‘:’ containing) dependent package
  • Version numbers should not be more than a minor version behind the latest (and the package should be tested with that higher version)

What others would you suggest ?