package-lock.json is automatically generated for any operations where
npm modifies either the node_modules tree, or package.json.
It describes the exact tree that was generated, such that subsequent
installs are able to generate identical trees, regardless of
intermediate dependency updates.
This file is intended to be committed into source repositories [...].
From npm docs: