does package-lock.json contain sensible information code example

Example: what is package.lock.json

It could be you, or another person trying to initialize the 
project on the other side of the world by running npm install.

So your original project and the newly initialized project are 
actually different. Even if a patch or minor release should 
not introduce breaking changes, we all know bugs can 
(and so, they will) slide in.

The package-lock.json sets your currently installed version 
of each package in stone and npm will use those exact 
versions when running npm install.

This concept is not new, and other programming language 
package managers (like Composer in PHP) use a similar 
system for years.

The package-lock.json file needs to be committed to your 
Gitrepository, so it can be fetched by other people if 
the project is public or you have collaborators, or if 
you use Git as a source for deployments.

The dependencies versions will be updated in the 
package-lock.json file when you run npm update.