The main purpose of composer.lock is to lock dependencies.
As discussed, the composer.lock file is very important. When an exact version is not specified in composer.json, or a package is installed through composer require without version information, Composer installs the package and then records information about that installation in composer.lock, including the exact version that was installed.
If a package is already in composer.lock, then most probably you have the package listed in composer.json as well. In that case, you normally install the package through composer install. Composer reads the package details and version information from composer.lock and installs exactly that version, because that is what Composer does: it locks dependencies to an exact version.
If there is no composer.lock file in your code base, composer install or composer require will install the package(s) and create the composer.lock file as well.
If the composer.lock file is already there, composer install will install the exact version written in composer.lock and ignore composer.json. However, as mentioned earlier, if you want to update your dependencies and record the new versions in composer.lock, you can run composer update. This is not recommended: once your application is running on specific dependencies and you don't want them to change, the composer.lock file is what keeps them fixed. So, if you want to lock down dependencies, don't run the composer update command.
If you are working in a team, you must commit the composer.lock file as well, so that other team members get the exact same packages and versions. Committing the composer.lock file is highly recommended and not a matter for discussion.
We are not going to discuss composer.lock in detail, as this is most of what we need to know about composer.lock. However, I would recommend you open and read composer.lock once. Understanding everything is not necessary, but it will give you some idea.
It basically lists each installed package with the exact version that is installed, along with its dependencies.
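To make that structure concrete, here is an added example (not from the original text and not Composer's own code) that reads a composer.json and composer.lock pair and reports what the lock pins, which direct requirements have no lock entry, and which packages were pulled in only as dependencies. The sample files, versions and references are constructed, and the function names `locked_versions` and `audit` are hypothetical; the comparison is a simplified stand-in for Composer's own lock validation.

```python
import json

# Constructed sample files (not from the original text). Key names follow the
# real composer.json / composer.lock layout; versions and refs are made up.
COMPOSER_JSON = json.loads("""{
  "require": {"php": ">=7.4", "monolog/monolog": "^2.0", "guzzlehttp/guzzle": "^7.0"},
  "require-dev": {"phpunit/phpunit": "^9.5"}
}""")
COMPOSER_LOCK = json.loads("""{
  "content-hash": "constructed-placeholder",
  "packages": [
    {"name": "monolog/monolog", "version": "2.9.1",
     "source": {"type": "git", "reference": "constructed-ref-1"},
     "require": {"php": ">=7.2", "psr/log": "^1.0.1"}},
    {"name": "psr/log", "version": "1.1.4",
     "source": {"type": "git", "reference": "constructed-ref-2"}}
  ],
  "packages-dev": [
    {"name": "phpunit/phpunit", "version": "9.6.0",
     "source": {"type": "git", "reference": "constructed-ref-3"}}
  ]
}""")


def locked_versions(lock):
    """Return {package name: (exact version, pinned reference, dev-only?)}."""
    pins = {}
    for key, dev_only in (("packages", False), ("packages-dev", True)):
        for pkg in lock.get(key) or []:
            ref = (pkg.get("source") or pkg.get("dist") or {}).get("reference")
            pins[pkg["name"].lower()] = (pkg["version"], ref, dev_only)
    return pins


def audit(manifest, lock):
    """Compare direct requirements in composer.json with what the lock pins."""
    pins = set(locked_versions(lock))
    wanted = {**manifest.get("require", {}), **manifest.get("require-dev", {})}
    # Names without "vendor/" (php, ext-json, ...) are platform requirements,
    # which never appear as entries in the lock file's package lists.
    direct = {name.lower() for name in wanted if "/" in name}
    return {"missing_from_lock": sorted(direct - pins),
            "transitive_only": sorted(pins - direct)}


if __name__ == "__main__":
    for name, (version, ref, dev_only) in sorted(locked_versions(COMPOSER_LOCK).items()):
        print(f"{name:20} {version:8} ref={ref} dev={dev_only}")
    print(audit(COMPOSER_JSON, COMPOSER_LOCK))
```

In the constructed data, psr/log shows up as a locked package even though composer.json never names it, which is why the lock file, not composer.json, is what fixes the full dependency tree for every team member.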