It's worth mentioning that both package.json and package-lock.json should be included in the repo. The first allows to install dependencies fresh, and the second one is necessary for the npm ci command, indispensable for any continuous integration setup. I've seen people who kept package.json but ignored the lockfile, and it did cause me problems a few times...
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.