Yes definitely, you should commit the package-lock.json.
Also, I would highly recommend to use npm ci instead of npm install while building your applications both on your CI as well as on your local development machine, and that workflow would require the existence of a package-lock.json.
Why not to use npm install?
A huge downside of npm install command is that it may mutate the package-lock.json, on the other hand, npm ci only uses the versions specified in the lockfile, but most importantly it produces an error if the package-lock.json and package.json are out of sync.
So, running npm ci locally, especially in larger teams with multiple developers, is a good decision to stay away from conflicts.