What is the point of putting npm's "package-lock.json" under version control?


What is the point of putting npm's package-lock.json under version control? In my experience, having this file source controlled has caused more trouble and confusion than efficiency gains.

Having package-lock.json under source control makes for a major headache every time a developer who added/removed/modified node modules needs to resolve conflicts between branches. When working on complex/large apps, package-lock.json can be tens of thousands of lines long. Blowing away node_modules and running a fresh npm install can generate drastic changes in the package-lock.

There are several other questions about package-lock:

And a GitHub issue with a ton of conversation about package-lock:

Which makes me think there is still widespread uncertainty that needs to be cleared up.

According to the docs:

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json.

So why would you ever want to put an automatically generated file under source control?

The above GitHub issue details how people, in response to confusion about package-lock.json, change their npm install script to rm -f package-lock.json && npm install, which does not feel correct.

It seems package-lock.json is striving to be the source of truth for the exact version of node module dependencies, but isn't that what package.json does? When does the excruciating pain of resolving merge conflicts in this file start to pay off?

