It's relatively common for folks who primarily develop npm packages (rather than top-level apps) to disable the creation of package-lock.json files as they're not useful for package development.

This commit just forces this option to `true` so that the browser build works correctly for these users (including myself).

Sidenote: Why is package-lock.json not useful to package authors? Lock files don't get published to npm so users will always get the latest versions that semver allows, so it's good for package authors to have the same experience. Otherwise, package-lock.json can obscure that a package is actually broken.