had some questions on the internal Snyk Slack that prompted me to share an old write-up from 2019 about lockfiles so here's a read for ya: https://snyk.io/blog/what-is-package-lock-json/
What is package lock json? Lockfiles for yarn & npm packages | Snyk

In this article we will discuss both npm's package lock file package-lock.json as well as Yarn's yarn.lock.
