Adding links for third party libraries in the add-on review

Hello!
I had some questions around this topic: https://extensionworkshop.com/documentation/publish/third-party-library-usage/

I am using more than a few npm packages in my add-on code. Will uploading my extension with package-lock.json files suffice? Or do I need to manually go in there and find all the links for my npm packages and include them in the README?

Generally having a package lock (and package.json) included has been fine for me so far. Though I do try to use the bare files directly whenever possible instead of bundling them with webpack and co. - however that can be rather tedious and obviously not possible for packages without a web target.