Inconsistent .gitignore?

When interacting with the repository as described in the README, a user might be running cd tools && npm install. Doing so will, however, create new files (package-lock.json, tools/package-lock.json) that are not ignored by git and are left around uncommitted in the source tree. This makes it harder to switch branches and make meaningful Merge Requests, because you have to figure out whether you need to include those things in the commit or not.

It would be good to either decide to commit the lock file and then add it to the repository, or decide to not commit the lock file and then exclude it via using .gitignore