npm notice created a lockfile as package-lock.json. You should commit this file

Question

I have been trying to load the skeleton of express with npm install express. It outputs the following line:

npm notice created a lockfil

Answer 1

Yes you should, As it locks the version of each and every package which you are using in your app and when you run npm install it install the exact same version in your node_modules folder. This is important becasue let say you are using bootstrap 3 in your application and if there is no package-lock.json file in your project then npm install will install bootstrap 4 which is the latest and you whole app ui will break due to version mismatch.