Do I commit the package-lock.json file created by npm 5?

Yes, package-lock.json is intended to be checked into source control. If you’re using npm 5+, you may see this notice on the command line: "created a lockfile as package-lock.json. You should commit this file."

According to npm help package-lock.json: "package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. …"