package.json and package-lock.json medium code example
Example: what is package.lock.json
It could be you, or another person trying to initialize the
project on the other side of the world by running npm install.
So your original project and the newly initialized project are
actually different. Even if a patch or minor release should
not introduce breaking changes, we all know bugs can
(and so, they will) slide in.
The package-lock.json sets your currently installed version
of each package in stone and npm will use those exact
versions when running npm install.
This concept is not new, and other programming language
package managers (like Composer in PHP) use a similar
system for years.
The package-lock.json file needs to be committed to your
Gitrepository, so it can be fetched by other people if
the project is public or you have collaborators, or if
you use Git as a source for deployments.
The dependencies versions will be updated in the
package-lock.json file when you run npm update.