https://semver.org/#spec-item-11 it says:
Example: 1.0.0-alpha < 1.0.0-alpha.1 < 1.0.0-alpha.beta < 1.0.0-beta < 1.0.0-beta.2 < 1.0.0-beta.11 < 1.0.0-rc.1 < 1.0.0.
So, semantic versioning considers anything with “-” a prerelease so 1.0.0-SNAPSHOT is considered prerelease and 1.0.0 is bigger than 1.0.0-SNAPSHOT.
1) Upload a package to hosted npm repo npm-snapshot with version 1.0.0-SNAPSHOT
2) Upload a package to hosted npm repo npm-release with version 1.0.0.
For repo npm-snapshot 1.0.0-SNAPSHOT is latest
For repo npm-release 1.0.0 is latest
3) Look at the group metadata, you will notice that it sets 1.0.0-SNAPSHOT as the latest
"npm install testdeploy" from group repo will return 1.0.0-SNAPSHOT, as 1.0.0-SNAPSHOT set as latest.
Even if look at the deploy times 1.0.0 is deployed later than 1.0.0-SNAPSHOT.
So there may be some issue with npm group logic on picking which version should be latest as there is a latest tag on each member npm repos.
A workaround is do a "npm install package@*" which will exclude prereleases.