npm introduced new package-lock.json versions with the lockfileVersion. When user has different version of npm, which package was created can ends up with git diffs and unnecessary issues.
From npmjs.com about lockfileVersion:
"No version provided: an "ancient" shrinkwrap file from a version of npm prior to npm v5.
- "lockfileVersion": 1 + "lockfileVersion": 2 + "required": true
To avoid modifying package-lock.json lockfileVersion field, use npm install --no-save
# Will NOT overwrite org package-lock.json file npm install --no-save
more about lockfileVersion: lockfileVersion on npmjs.com