Suggestion: adding lockfile and security related to it

Due to recent research I published with regards to [lockfile security](https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/) - I'd be happy if we also cover lockfiles as a general use-case, but also the traits of lockfiles, such as whether they are tracked for direct or all dependencies, do they include signatures or checksums and so on.