Whether to commit the package-lock.json file created by npm 5 depends on your project's needs and your team's development workflow.

In general, it's recommended to commit the package-lock.json file to your Git repository, as it ensures that the exact versions of dependencies used in your project are recorded and can be easily restored. This can help prevent issues caused by differences in installed dependencies between different developers or environments.

On the other hand, if you have a build system that automatically updates dependencies and generates a new package-lock.json file for each build, you may not need to commit the file to the repository.

Ultimately, the decision of whether to commit the package-lock.json file should be based on the needs of your project and the development process followed by your team. It's a good idea to have a clear policy in place and communicate it to all team members.

Yes, package-lock.json is intended to be checked into source control. If you're using npm 5+, you may see this notice on the command line: created a lockfile as package-lock.json. You should commit this file. According to npm help package-lock.json: