The NPM team has provided some suggestions that may also help for situations like this. See: https://blog.npmjs.org/post/145724408060/dealing-with-problematic-dependencies-in-a
Their suggestion is, essentially, to branch or fork the dependency that is pulling in the dependency you do not want. From your code snippet, I think you want to fork the mongodb module and remove the dependency on kerberos and update loopback-connector-mongodb to use your fork of mongodb.
This answer on a similar question may be helpful when forking the dependencies: https://stackoverflow.com/a/35349284/1524989
It would also be possible to substitute a dummy package for the one you want to remove. To do so, create a new package (e.g. npm init kerberos ) and update package-lock.json (or npm-shrinkwrap.json, if you prefer) to substitute it for the real kerberos package.