This document is now out of date. New documentation is being written and will be published here: http://dotnet.github.io/docs/

What is project.lock.json?

Think of it as a packages folder per project. In NuGet today, you get a solution level packages folder. That tells the project (via hint paths) what set of packages it can use for compilation and running. The project.lock.json file is effectively the same thing, it's a "per project packages folder", since we don't copy anything local in Project K, it's a way to scope the list of packages in %userprofile%.dnx\packages so that projects don't just run based on the global set of packages, but the ones that are relevant to that project.

On top of that, it also stores the list of files and relevant content for compilation and runtime (we're working on this) so that the runtime only has to read a single file instead of N nuspec files. This actually cut the startup time in 1/2 on azure websites.

The third function of the lock file is when you choose to check it into source control. When you actually lock the lock file, kpm restore no longer does dependency resolution. It will just download the files listed in the lock file. This way it acts more like a packages.config.