My app is node v4, I wrote it back on v4 and have never needed to update it (if it ain't broke...). That is, until one of the dependencies removed v4 support in a minor version update.
I read that there is this idea of package-lock.json in 5.x+.
Will the package-lock.json concept prevent the scenario of minor versions breaking my app when I have to reinstall from source?
I basically want to verify that node_modules is working as expected, and that every time I run npm install I get the same node_modules I did originally; even if a dependency five deep decides to update their package, I don't want it.
As you already said in the comments, the answer is Yes.
And for your dependencies' dependencies, running npm install will install the versions specified in their respective package.json (they don't have package-lock.json as it is not published, but they could have a shrinkwrap) unless you run an npm update.
In short, you would only run into a scenario you don't want if you run npm update, but npm install won't give you trouble.
By the way, you can easily replicate that behaviour by copying your package.json to 2 environments where you have the 2 versions of node that you need.
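One way to check the "same node_modules every time" property the question asks about, as an added example that is not part of the original question or answer: package-lock.json records an exact version and integrity hash for every package in the tree, nested ones included, so the installed tree can be compared against it. The function names and the packages dep-a and dep-b are hypothetical, and the sketch goes beyond npm 5's lockfileVersion 1 to also read the `packages` layout of lockfileVersion 2/3.

```javascript
// Flatten a parsed package-lock.json into { installPath: { version, integrity } }.
// Handles lockfileVersion 1 (nested "dependencies", npm 5/6) and 2/3 ("packages", npm 7+).
function flattenLock(lock) {
  const out = {};
  if (lock.packages) {
    for (const p of Object.keys(lock.packages)) {
      const e = lock.packages[p];
      if (p === '' || e.link) continue; // root project or symlinked workspace
      out[p] = { version: e.version, integrity: e.integrity || null };
    }
    return out;
  }
  (function walk(deps, prefix) {
    for (const name of Object.keys(deps || {})) {
      const e = deps[name], p = prefix + 'node_modules/' + name;
      out[p] = { version: e.version, integrity: e.integrity || null };
      walk(e.dependencies, p + '/'); // nested entries are locked as well
    }
  })(lock.dependencies, '');
  return out;
}
// Compare the lock against the installed tree. readManifest(installPath)
// returns that package's parsed package.json, or null if it is absent.
function verifyTree(lock, readManifest) {
  const locked = flattenLock(lock), problems = [];
  for (const p of Object.keys(locked)) {
    const want = locked[p].version, m = readManifest(p);
    if (!m) problems.push({ path: p, issue: 'missing', want: want });
    else if (m.version !== want) problems.push({ path: p, issue: 'drift', want: want, got: m.version });
    if (!locked[p].integrity) problems.push({ path: p, issue: 'no-integrity' });
  }
  return problems;
}
// Reader for a real project directory (modules are loaded lazily, on use).
function diskReader(root) {
  const fs = require('fs'), path = require('path');
  return (p) => {
    try { return JSON.parse(fs.readFileSync(path.join(root, p, 'package.json'), 'utf8')); }
    catch (err) { return null; }
  };
}
// Constructed sample data: dep-a and dep-b are hypothetical packages.
const SAMPLE_LOCK = { lockfileVersion: 1, dependencies: {
  'dep-a': { version: '1.2.0', integrity: 'sha512-CONSTRUCTED',
    dependencies: { 'dep-b': { version: '2.0.0', integrity: 'sha512-CONSTRUCTED' } } },
  'dep-b': { version: '1.0.0', integrity: 'sha512-CONSTRUCTED' } } };
const SAMPLE_INSTALLED = { 'node_modules/dep-a': { version: '1.2.0' },
  'node_modules/dep-a/node_modules/dep-b': { version: '2.1.0' }, // drifted nested copy
  'node_modules/dep-b': { version: '1.0.0' } };
console.log(verifyTree(SAMPLE_LOCK, (p) => SAMPLE_INSTALLED[p] || null));
```

Against a real project, call `verifyTree(require('./package-lock.json'), diskReader(process.cwd()))`. `npm ci` (npm 5.7 and later) installs strictly from the lockfile and fails if it disagrees with package.json.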