composer. json file to manage Magento 2 / Extensions installations and upgrades while The composer.lock file stores a set of exact version dependencies that satisfy all of the version constraints of every requirement for every package in the dependency tree of the project.
The composer.lock file is generated after your first composer install. It saves a copy of your dependencies/version that you can commit to your source control
composer.json is the list of required set of libraries and versions for your project.
It contains information such as the name of the project, version constraints for Magento and its dependencies, autoload configurations, scripts to execute during installation and updates, and other project-specific settings.
composer.lock is what set of extensions/modules/components are currently installed for your project. Compoer.lock is a file generated by Composer during dependency resolution and installation, It ensures that all developers working on the same project use the same versions of dependencies
The composer.json is the list of required libraries and versions of your project