You are reading content from Scuttlebutt
@Christian Bundy %Jnn4mASc58xTVGS9F0XcQHkQegYQVWd9dYQPWIZ4AvM=.sha256
Re: %RZW7keS4V

I've found package-lock.json to be generally frustrating. Like, I can't tell if npm has installed from the package-lock or not.

That sounds super frustrating, and I agree that the documentation isn't clear enough about how npm interacts with the lockfile. Is there a specific command that was behaving unexpectedly for you? My understanding is that npm only installs from the lockfile exactly when using npm ci or npm install module-with-shrinkwrap, but the rest of the time it follows this behavior:

  1. The module tree described by the package lock is reproduced. This means reproducing the structure described in the file, using the specific files referenced in “resolved” if available, falling back to normal package resolution using “version” if one isn’t.
  2. The tree is walked and any missing dependencies are installed in the usual fashion.

-- npm-package-locks (An explanation of npm lockfiles)
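An added example, not part of the original post or of npm: one way to check whether `node_modules` actually matches `package-lock.json`, and which lock entries lack the "resolved" file reference that the quoted steps rely on. It assumes the `packages` map of lockfileVersion 2 or 3; `lockDrift`, `checkProject` and the sample data are hypothetical names and constructed values.

```javascript
// Compare lockfile entries with installed versions and flag entries that are not pinned to a file.
function lockDrift(lock, installedVersionOf) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace symlinks and bundled dependencies.
    if (path === '' || entry.link || entry.inBundle) continue;
    const installed = installedVersionOf(path);
    if (installed === null) {
      // Optional packages may be legitimately absent on this platform.
      if (!entry.optional) findings.push({ path, issue: 'missing', locked: entry.version });
    } else if (installed !== entry.version) {
      findings.push({ path, issue: 'version-mismatch', locked: entry.version, installed });
    }
    // Without "resolved" and "integrity", npm falls back to normal resolution by version.
    if (!entry.resolved || !entry.integrity) {
      findings.push({ path, issue: 'unpinned', locked: entry.version });
    }
  }
  return findings;
}

// Run the check against a real project directory (dynamic import works in CommonJS and ESM).
async function checkProject(root) {
  const fs = await import('node:fs');
  const { join } = await import('node:path');
  const lock = JSON.parse(fs.readFileSync(join(root, 'package-lock.json'), 'utf8'));
  return lockDrift(lock, (pkgPath) => {
    try {
      return JSON.parse(fs.readFileSync(join(root, pkgPath, 'package.json'), 'utf8')).version;
    } catch {
      return null; // not installed
    }
  });
}

// Constructed sample data: package names, URLs and integrity strings are placeholders.
const pinned = (v) => ({ version: v, resolved: 'https://registry.example/pkg.tgz', integrity: 'sha512-CONSTRUCTED' });
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo', version: '1.0.0' },
    'node_modules/left': pinned('1.2.0'),
    'node_modules/right': pinned('2.0.0'),
    'node_modules/loose': { version: '0.3.1' },
    'node_modules/fsonly': { ...pinned('1.0.0'), optional: true },
  },
};
const sampleInstalled = { 'node_modules/left': '1.2.0', 'node_modules/right': '2.1.0', 'node_modules/loose': '0.3.1' };
console.log(lockDrift(sampleLock, (p) => sampleInstalled[p] ?? null));
```

For a real project, `checkProject('.').then(console.log)` prints the same kind of findings; an empty array means every locked package is installed at its locked version and pinned to a file.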
