package-lock.json modified by npm install

[wickles]

When I run npm install (node 9.2.1, npm 5.6.0) it modifies package-lock.json which is under version control. This makes it annoying to pull new updates. Is it necessary to include this file alongside package.json? Or is there another way to fix this?

Current npm behavior described here: npm/npm#17979 (comment)

[DeviaVir]

Dear issue reporter,

We have slightly changed our github issue policy and would now kindly request folks that have questions that they ask them in our zenbot subreddit.

You can find it here: https://reddit.com/r/zenbot

This issue will be closed, but if you disagree with your ticket being marked as a question feel free to leave a comment defending your case.

Thanks for contributing time and effort!

Greetings,
🤖

[wickles]

This was not really meant as a question. Regular usage should not modify version controlled files. I linked to an official statement about the expected/intended behavior of npm. If I understand correctly, this behavior happens when package.json or package-lock.json is manually edited to be incompatible with the other.

[DeviaVir]

Smells more like an npm bug to me, so I don't think it belongs in our issue tracker.
We don't have a custom package-lock.json, it is generated via npm i.