npm notice created a lockfile as package-lock.json. You should commit this file.
https://docs.npmjs.com/files/package-lock.json
Yes. You should add this file to your version control system, i.e. You should commit it.
This file is intended to be committed into source repositories
You can read more about what it is/what it does here:
package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.