A proper lockfile ensures consistent dependency versions and deterministic installs. This change can be implementing by upgrading package manager clients to yarnpkg or npmv5 (each comes with its own lockfile). Some of the differences between the 2 lockfiles are outlined here