Deny package-lock.json #62
Description
It would be good to prevent package-lock.json from being served since they expose the exact versions of packages running on a server.
For example: https://demo.matomo.cloud/package-lock.json