...
error: Your local changes to the following files would be overwritten by merge:
htdocs/package-lock.json
Please commit your changes or stash them before you merge.
Is it advisable to `git stash', `git pull', `git stash pop' in this situation?
The best thing to do here is to run
git checkout htdocs/package-lock.json
That will reset the file to what it is in the main branch. You don't need the changes in that file, so no need to stash them.
What is happening is that sometimes npm changes the package-lock.json file when you run "npm install". It does this if there is a newer compatible version of a library, and it updates the version in the lock file. If you don't want to see that run "npm ci" instead (short for "npm clean-install"). That will install the files specifically stated in the lock file, and won't check for and install newer compatible versions.
If you want a bit more of the story read on. If you are satisfied with the above answer stop reading now!
"npm install" is really for developers and updates the lock file, and "npm ci" is for production use and installs exactly what is in the lock file. "npm ci" is what we originally had in the installation instructions, but we changed it to "npm install" because of issues with different npm versions. Earlier versions of npm used lock file version 1, and more recent versions use lock file version 2. We previously allowed those earlier versions of npm and "npm ci" doesn't work for those versions with lock file version 2. Now we don't allow those earlier versions, and insist on version 8 of npm (included with node version 16). So we can go back to "npm ci". Then the lock file won't be changed like that.
Thank you for the detailed reply, most appreciated Glenn! Problem resolved.