• When building a Hadoop stack we ran into a lot of problems with different versions of the components not talking to each other.  That is why Hortonworks, Cloudera and MapR exist, to provide the guaranteed version matching of the disparate components.

    In terms of upgrading anything in the Hadoop stack we took the approach of having a local repository.  This meant that the stack was always built from known, tested versions of the software in the local environment and not from whatever was most current from the internet.
    As a separate repo we DID pull the latest stuff from the internet, and this went through a rigorous testing cycle to ensure that version compatibility issues were thrashed out, penetration testing was done, etc. Only when all this was done would the contents downloaded from external sources be allowed into the local repository. This also reduced the attack surface area, as the number of routes and ports to the main system could be greatly reduced.
    I don't know if this approach can be taken with Node.js, but I would be surprised if it couldn't.
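
For a Node.js build, the "only from the local repository" rule in the comment above can be checked against the lockfile before install. This is an added example, not part of the original comment; the registry origin `https://npm.internal.example`, the function name `auditLockfile` and the sample lockfile are constructed assumptions.

```javascript
// Added example: check that an npm package-lock.json (lockfileVersion 2 or 3)
// resolves every dependency from the vetted local repository.
// ALLOWED_ORIGIN is a hypothetical internal registry URL (assumption).
const ALLOWED_ORIGIN = "https://npm.internal.example";

function auditLockfile(lock, allowedOrigin = ALLOWED_ORIGIN) {
  const violations = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // root project, workspace symlinks
    const name = `${path}@${entry.version}`;
    let origin = null;
    try {
      // Compare the parsed origin, not a string prefix, so look-alike hosts fail.
      origin = new URL(entry.resolved).origin;
    } catch {
      // "resolved" missing or unparsable: treated as not from the local repo
    }
    if (origin !== allowedOrigin) {
      violations.push({ name, reason: "not-from-local-repo", detail: entry.resolved || "(none)" });
    }
    // "integrity" is an SRI string such as "sha512-<base64>"; sha1 counts as weak.
    if (!/^sha(256|384|512)-/.test(entry.integrity || "")) {
      violations.push({ name, reason: "weak-or-missing-integrity", detail: entry.integrity || "(none)" });
    }
  }
  return violations;
}

// Constructed sample lockfile fragment (package names and digests are made up).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/alpha": {
      version: "1.3.0",
      resolved: "https://npm.internal.example/alpha/-/alpha-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/beta": {
      version: "2.0.0",
      resolved: "https://registry.npmjs.org/beta/-/beta-2.0.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/gamma": { version: "0.1.0", resolved: "git+ssh://git@git.example/gamma.git#0000000" },
  },
};

for (const v of auditLockfile(sampleLock)) console.log(`${v.name}: ${v.reason} (${v.detail})`);
```

Run as a CI step before `npm ci`, a non-empty result fails the build, so a dependency that bypassed the tested local repository never reaches the main system.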