TL;DR: My updated take is: lockfiles for Node.js apps, not for other projects. When you run npm install after you add or change a dependency in package.json, npm finds and selects the latest compatible version, downloads it, and rewrites your package-lock.json file to describe what it found. The npm install command does not consider lockfiles…
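Because package-lock.json is rewritten to describe whatever npm resolved, a practitioner usually wants a quick way to tell when the lockfile has drifted from package.json (a dependency missing from the lock, a locked version outside the declared range, or an entry with no integrity hash). The following is an added example, not code from the original post; it assumes the lockfileVersion 2/3 layout (a top-level "packages" object keyed by "node_modules/<name>"), handles only exact, caret and tilde ranges, and runs against constructed sample documents embedded inline.

```python
"""Drift check between package.json and package-lock.json.

Added example (not the post's own code). Assumptions: lockfileVersion 2/3
layout with "packages" keyed by "node_modules/<name>"; a simplified semver
range check covering exact, caret (^) and tilde (~) ranges only.
"""
import json


def parse_semver(version):
    """Turn "v1.2.3-beta+build" into the tuple (1, 2, 3)."""
    core = version.lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def satisfies(version, range_spec):
    """Simplified semver check: exact, ^ and ~ (no '||', '>=', 'x' ranges)."""
    v = parse_semver(version)
    if range_spec.startswith("^"):
        base = parse_semver(range_spec[1:])
        if base[0] > 0:
            upper = (base[0] + 1, 0, 0)       # ^1.2.3 -> <2.0.0
        elif base[1] > 0:
            upper = (0, base[1] + 1, 0)       # ^0.2.3 -> <0.3.0
        else:
            upper = (0, 0, base[2] + 1)       # ^0.0.3 -> <0.0.4
        return base <= v < upper
    if range_spec.startswith("~"):
        base = parse_semver(range_spec[1:])
        upper = (base[0], base[1] + 1, 0)     # ~1.2.3 -> <1.3.0
        return base <= v < upper
    return v == parse_semver(range_spec)      # exact pin


def lock_drift(package_json, lock_json):
    """Return (name, declared_range, locked_version_or_None, problem) tuples."""
    wanted = {}
    wanted.update(package_json.get("dependencies", {}))
    wanted.update(package_json.get("devDependencies", {}))
    packages = lock_json.get("packages", {})
    problems = []
    for name, spec in wanted.items():
        entry = packages.get(f"node_modules/{name}")
        if entry is None:
            problems.append((name, spec, None, "missing from lockfile"))
            continue
        locked = entry.get("version")
        if not satisfies(locked, spec):
            problems.append((name, spec, locked, "locked version outside declared range"))
        elif "integrity" not in entry and "link" not in entry:
            problems.append((name, spec, locked, "no integrity hash"))
    return problems


# Constructed sample documents (not taken from any real project).
SAMPLE_PACKAGE_JSON = json.loads("""{
  "name": "demo-app", "version": "1.0.0",
  "dependencies": {"left-pad": "^1.3.0", "lodash": "~4.17.20", "express": "^4.18.0"}
}""")

SAMPLE_LOCK_JSON = json.loads("""{
  "name": "demo-app", "version": "1.0.0", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/left-pad": {"version": "1.3.0",
                              "integrity": "sha512-CONSTRUCTED_PLACEHOLDER"},
    "node_modules/lodash":   {"version": "4.18.0",
                              "integrity": "sha512-CONSTRUCTED_PLACEHOLDER"}
  }
}""")


def drift_report():
    """Run the check over the constructed sample; used by the usage below."""
    return lock_drift(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK_JSON)


if __name__ == "__main__":
    for name, spec, locked, problem in drift_report():
        print(f"{name}: declared {spec}, locked {locked}: {problem}")
```

On the constructed sample this flags lodash (locked 4.18.0 is outside ~4.17.20) and express (absent from the lockfile) while accepting left-pad. Running it in CI before `npm ci` catches a lockfile that was hand-edited or left stale after a package.json change, which is exactly the state the post describes npm install overwriting silently.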