[QUESTION] Clarification on the use of package.json, package-lock.json and package-map.json

[Rochet2]

What / Why

There are several package files: package.json, package-lock.json and package-map.json.
However the uses of these may be different from how npm uses them in regards to the run-time of the application.
Out of academic interest I would like to have some clarification on the files, their usage and relation to each other:

Before a program starts, which of these files must be defined?
When a program starts, which of these files are generated/modified?
Which of these files are modified during the run-time?

Thinking of how npm works I would assume that package.json and package-lock.json must always exist and package-map.json is modified as the program executes and fetches more dependencies.