I get it - a similar idea is expressed in this article yehudakatz.com/2010/12/16/clarifyi.... But from experience npm packages are fragile: what you were able to install today (based on package.json) doesn't guarantee you will be able to install it in a month. How do you deal with the fragility? I gave up and commit lock files.
You can always use exact version number dependencies in package.json. Package-lock.json is unnecessary.
Your "exact version number dependencies" have other dependencies which most likely are not "exact version number dependencies", so the case described by @stereobooster still applies. You will most likely get different packages over time when you use npm install on your project without a package-lock file, and your project may break because of that. I agree it's a pain to maintain it, but sometimes there is no other way.
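To make the point of this comment concrete, here is an added example (not code from the thread; the package names and registry snapshots are constructed): a toy npm-style resolver that shows an exact pin in package.json still drifting through its transitive dependency, while installing from a lock file does not.

```javascript
// Constructed registry snapshots: name -> version -> that version's dependency ranges.
// "my-lib@1.2.0" is pinned exactly in package.json, but it depends on "tiny-util" via "^3.0.0".
const REGISTRY_TODAY = {
  "my-lib": { "1.2.0": { "tiny-util": "^3.0.0" } },
  "tiny-util": { "3.0.0": {}, "3.1.0": {} },
};
// A month later the registry has gained tiny-util@3.2.0; my-lib@1.2.0 itself is unchanged.
const REGISTRY_LATER = {
  "my-lib": { "1.2.0": { "tiny-util": "^3.0.0" } },
  "tiny-util": { "3.0.0": {}, "3.1.0": {}, "3.2.0": {} },
};
// package.json with an "exact version number dependency", as suggested in the thread.
const PACKAGE_JSON = { dependencies: { "my-lib": "1.2.0" } };

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Minimal semver: exact "1.2.0" or caret "^3.0.0" (same major, >= minimum). Enough for the demo.
function satisfies(version, range) {
  if (range.startsWith("^")) {
    const min = range.slice(1);
    return parse(version)[0] === parse(min)[0] && cmp(version, min) >= 0;
  }
  return version === range;
}

// npm-style resolution without a lock file: highest version matching each range, recursively.
function resolve(pkg, registry, lock = {}) {
  const queue = Object.entries(pkg.dependencies);
  while (queue.length) {
    const [name, range] = queue.shift();
    if (lock[name]) continue; // first resolution wins, like a flat lock
    const ok = Object.keys(registry[name] || {}).filter((v) => satisfies(v, range)).sort(cmp);
    if (!ok.length) throw new Error(`no version of ${name} satisfies ${range}`);
    lock[name] = ok[ok.length - 1];
    queue.push(...Object.entries(registry[name][lock[name]]));
  }
  return lock;
}

// Installing from a committed lock file: reuse the recorded versions, never re-resolve ranges.
function installFromLock(lock, registry) {
  for (const [name, v] of Object.entries(lock)) {
    if (!registry[name] || !registry[name][v]) throw new Error(`${name}@${v} is no longer available`);
  }
  return { ...lock };
}
```

Resolving the same package.json against the later snapshot yields tiny-util@3.2.0 instead of 3.1.0, whereas installFromLock reproduces the original tree.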