在npm官网上有介绍：https://docs.npmjs.com/files/package-lock.json

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

当npm命令会修改node_modules树形结构或者package.json时，package-lock.json文件会自动被创建。

作用有三：

(1) Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies. 其他部署和CI/CD基于此可以安装完全一致的依赖模块。

(2) Provide a facility for users to “time-travel” to previous states of node_modules without having to commit the directory itself.

作为npm操作的版本记录文件，能回溯之前做过的对node_modules的操作。

(3) To facilitate greater visibility of tree changes through readable source control diffs.

(4) And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages. 对于之前通过npm安装过的包，可以跳过元数据的解析，优化安装过程。