npm notice created a lockfile as package-lock.json. You should commit this file
Yes. You should add this file to your version control system, i.e. You should commit it.
This file is intended to be committed into source repositories
You can read more about what it is/what it does here:
package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.
You can update the existing package-lock.json file instead of creating a new one. Just change the version number to a different one.
{ "name": "theme","version": "1.0.1", "description": "theme description"}
Yes you should, As it locks the version of each and every package which you are using in your app and when you run npm install
it install the exact same version in your node_modules folder. This is important becasue let say you are using bootstrap 3 in your application and if there is no package-lock.json file in your project then npm install
will install bootstrap 4 which is the latest and you whole app ui will break due to version mismatch.