tools: add package-lock when installing npm dependency

Adding package lock with npm version when installing a dependency with npm. This allow us to have a better view of what we are installing Refs: https://github.com/nodejs/security-wg/issues/1037 If we agree on this I'll do for the rest of npm deps