If your package-lock changes every commit (I'm guessing this means it changes after every `npm install`) then you might have some issues within the team in terms of consistent npm/node versions, or perhaps with the registry you're using if it isn't the public registry.
In my previous role we constantly ran into issues with the integrity hash changing which was an unfortunate side effect of both the issues I mentioned above, an Artifactory npm registry and inconsistent npm/node versions
TL;DR though, it's not normal for the package-lock to change all the time.
In my previous role we constantly ran into issues with the integrity hash changing which was an unfortunate side effect of both the issues I mentioned above, an Artifactory npm registry and inconsistent npm/node versions
TL;DR though, it's not normal for the package-lock to change all the time.