{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 闹够了就滚 的问题《Should package-lock.json also be published?》','https://www.manongdao.com/q-318393.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
npm 5 introduced package-lock.json, of which the documentation is here.
It states that the file is intended to be included with version control, so anyone cloning your package and installing it will have the same dependency versions. In other words, you should not add it to your .gitignore file.
What it does not state is wether or not the file is intended to be included with a published package. This question could be rephrased as; should package-lock.json be included in .npmignore?
It cannot be published.
From the npm documentation:
See package-lock.json documentation on docs.npmjs.com.
However, you should be commiting your
package-lock.jsonto git as per the documentation.hence the common message presented by npm:
EDIT: A more detailed explanation can be found here.