What is package-lock.json?

Why Interviewers Ask This

Interviewers use this question to quickly assess whether a candidate has the foundational knowledge required for Node.js development. It reveals whether you understand the building blocks that more complex concepts rely on.

Answer

package-lock.json is a file that npm generates and maintains automatically. It records the exact version of every package in the dependency tree (direct and transitive), the URL each tarball was resolved from, and a Subresource Integrity hash (normally sha512) of that tarball. Its purpose is reproducible installs: with the lockfile present, every machine and every future install gets the same resolved tree, not merely some set of versions that satisfy the semver ranges in package.json. That removes the "works on my machine" class of bugs where two developers or a CI server resolve "^4.17.0" to different releases.

Two nuances worth stating in an interview. First, npm install honours the lockfile but will rewrite it when package.json and the lockfile disagree; npm ci installs strictly from the lockfile and fails if the two are out of sync, which is why CI pipelines should use npm ci. Second, the lockfile is also a security control: on install npm verifies each downloaded tarball against the recorded integrity hash, so a registry or mirror cannot silently serve different bytes for the same version, and the recorded resolved URL pins which registry a package comes from. The flip side is that a lockfile diff in a pull request deserves review like any other code change, because a modified resolved URL or integrity value changes what gets installed.

Commit package-lock.json to version control for applications, so all team members and CI share identical dependencies. For libraries published to npm, committing it is a matter of team preference: npm ignores the lockfile of an installed dependency, so a library's consumers are always governed by their own lockfile. Do not edit package-lock.json by hand; change package.json (or run npm install / npm update) and let npm regenerate it.

Pro Tip

This topic has Node.js-specific nuances that differ from general programming. Highlighting those nuances in your answer shows expertise rather than generic knowledge.