Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/3180
Changes consist of two files:
- The larger one being package-lock.json; it stores an exact, versioned
dependency tree rather than using starred versioning like package.json itself
(e.g. 1.0.*). This means you can guarantee the dependencies for other
developers or prod releases, etc. It also has a mechanism to lock the tree but
generally will regenerate if package.json changes.
https://docs.npmjs.com/files/package-lock.json
- package.json contains the actual changes that need upgrade.
---