I'm working on a project in which the package.json file is missing. The developer has pushed the package-lock.json file without the package.json file.

How can I create a clean package.json from the package-lock.json file in case it is at all possible?

It's not possible to generate full package.json from package-lock.json because the latter doesn't contain all necessary data. It contains only a list of dependencies with specific versions without original semvers. Production and development dependencies are mixed up along with nested dependencies.

Fresh package.json could be generated, then augmented with these dependencies with something like:

const fs = require('fs');
const packageLock = require('./package-lock.json');
const package = require('./package.json');

package.dependencies = Object.entries(packageLock.dependencies)
.reduce((deps, [dep, { version }]) => Object.assign(deps, { [dep]: version }), {});

fs.writeFileSync('./package-new.json', JSON.stringify(package, null, 2));

Nested dependencies could be filtered out by checking requires key, but this can affect project's own dependencies.

Simply run npm init and it will pull all of the current dependencies from package-lock.json