是的，package-lock.json 旨在签入源代码管理.如果您使用的是 npm 5+，您可能会在命令行上看到此通知:created a lockfile as package-lock.json.你应该提交这个文件. 根据 npm help package-lock.json:

Yes, package-lock.json is intended to be checked into source control. If you're using npm 5+, you may see this notice on the command line: created a lockfile as package-lock.json. You should commit this file. According to npm help package-lock.json:

package-lock.json 为任何 npm 操作自动生成修改 node_modules 树或 package.json.它描述了生成的确切树，以便后续安装能够生成相同的树，无论中间依赖项更新如何.

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

此文件旨在提交到源代码库，并提供各种用途:

• 描述依赖树的单一表示，以便团队成员、部署和持续集成保证安装完全相同的依赖项.

• Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.

为用户提供时间旅行"的便利node_modules 之前的状态，而无需提交目录本身.

Provide a facility for users to "time-travel" to previous states of node_modules without having to commit the directory itself.

通过可读的源代码控制差异来提高树变化的可见性.

To facilitate greater visibility of tree changes through readable source control diffs.

并通过允许 npm 跳过先前安装的软件包的重复元数据解析来优化安装过程.

And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.

package-lock.json 的一个关键细节是它不能被发布，并且如果在***包以外的任何地方找到，将被忽略.它共享npm-shrinkwrap.json 格式，本质上是同一个文件，但是允许发布.除非部署 CLI 工具或否则使用发布过程生产生产包.

One key detail about package-lock.json is that it cannot be published, and it will be ignored if found in any place other than the toplevel package. It shares a format with npm-shrinkwrap.json, which is essentially the same file, but allows publication. This is not recommended unless deploying a CLI tool or otherwise using the publication process for producing production packages.

如果 package-lock.json 和 npm-shrinkwrap.json 都存在于一个包，package-lock.json 将被完全忽略.

If both package-lock.json and npm-shrinkwrap.json are present in the root of a package, package-lock.json will be completely ignored.