package-lock.json

I just recently upgraded to npm@5. I now have a package-lock.json file with everything from package.json. I would expect that, when I run npm install that the dependency versions would be pulled from the lock file to determine what should be installed in my node_modules directory. What's strange is that it actually ends up modifying and rewriting my package-lock.json file. For example, the lock file had typescript specified to be at version 2.1.6. Then, after the npm install command, the version was changed to 2.4.1. That seems to defeat the whole purpose of a lock file. What am I missing? How

I have travis-ci integrated with my GitHub account ( https://github.com/pradeep0601/Angular5-Router-App ). When I updated @angular/cli version from 1.7.4 to 6.0.0-rc.3, the build started failing with an error: Local workspace file ('angular.json') could not be found. Error: Local workspace file ('angular.json') could not be found. at WorkspaceLoader._getProjectWorkspaceFilePath (/home/travis/build/pradeep0601/Angular5-Router-App/node_modules/@angular/cli/models/workspace-loader.js:37:19) at WorkspaceLoader.loadWorkspace (/home/travis/build/pradeep0601/Angular5-Router-App/node_modules/@angular