TIL that you can alias a npm module to a version of another one in your package.json:

"dependencies": {
    ...
    "socket.io": "^2.3.0",
    "socket.io-next": "npm:socket.io@^3.0.4",
    "socket.io-client-next": "npm:socket.io-client@^3.0.4",
    ...
},

When republishing the resulting package-lock.json file you get the following errors:

Failed to load metadata for socket.io-client-next
Failed to load metadata for socket.io-next

as those modules don't really exist.

Instead we need to inspect the version numbers to see if they start with npm: and then pluck both the real name+version from the version field.