Once we upgraded our npm to version 5, a package-lock.json file was being generated in each microservice. According to https://stackoverflow.com/questions/44206782/do-i-commit-the-package-lock-json-file-created-by-npm-5, this file is to be committed to source control for deterministic install of npm packages. This also means, we should not ignore it in .gitignore.
Add package-lock.json file to all microservices (backend)
Ensure there are no package-lock.json entries in .gitignore for all microservices