What is package-lock.json?

Should I commit it?

---

What is it?

The package-lock.json is a file that is automatically generated when npm modifies the `node_module` tree or the `package.json` file. It is used to capture the exact tree that was generated by npm.

When you run `npm install` or `npm install <package>,` this will cause the tree to change, thus generating the package-lock.json file.

Should I commit it to Source?

Yes, it replicates the exact state of the dependencies for a given installation, which helps reduce the ‘it works on my machine’ problem. It does this by capturing the tree of all the dependencies from the project. It may be easy to ignore an autogenerated file like a binary file, but for this instance, you want to commit it.

What if I do not have the lock file?

If you do not have the package-lock.json file, then you can simply run `npm install` at the root of your project. This will regenerate the file for you.

npm install ;