npm install behaves differently in different situations; unable to understand if it’s correct or not

  • npm init to initialize the project
  • we use axios: "~1.2.4" in the package.json file
    • when we run npm install, package 1.2.6 will be installed, which is correct as the latest patch will be installed
    • now if we use ^1.2.4 in package.json and run npm install, the node modules or package-lock.json won’t get updated to 1.3.6, which is the intended behaviour based on the usage of ^ (why is this happening here?)
    • now if we use ^1.3.4 in package.json and run npm install, the node modules and package-lock.json will both get updated to use 1.3.6, which is the intended behaviour (and I suppose this is correct)
    • now if we use 1.2.4 or 1.3.4, the package with that exact version will be installed

Also, what is the actual use of the .package-lock.json file?
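
The sequence in the question can be replayed with a simplified model of npm's resolution (an added example, not part of the original post and not npm's own code): a version recorded in package-lock.json is kept as long as it still satisfies the range in package.json, and the registry is consulted only when it does not. The list of published versions is constructed from the versions the post mentions, and only exact, ~ and ^ ranges on plain x.y.z versions are handled.

```javascript
// Added example: simplified model of how `npm install` picks a version
// when a lock file is present. Not npm's actual implementation.
const parse = (v) => v.split(".").map(Number);

const compare = (a, b) => {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
};

// Exclusive upper bound of a ~ or ^ range, or null for an exact pin.
function upperBound(range) {
  if (range[0] !== "~" && range[0] !== "^") return null;
  const [maj, min, pat] = parse(range.slice(1));
  if (range[0] === "~" || (maj === 0 && min > 0)) return `${maj}.${min + 1}.0`;
  if (maj > 0) return `${maj + 1}.0.0`;
  return `0.0.${pat + 1}`; // ^0.0.z allows only that one patch
}

function satisfies(version, range) {
  const upper = upperBound(range);
  if (upper === null) return compare(version, range) === 0;
  return compare(version, range.slice(1)) >= 0 && compare(version, upper) < 0;
}

// A locked version that still satisfies the range wins; otherwise the
// highest published version inside the range is chosen and re-locked.
function resolve(range, locked, published) {
  if (locked && satisfies(locked, range)) return locked;
  const candidates = published.filter((v) => satisfies(v, range)).sort(compare);
  return candidates.length ? candidates[candidates.length - 1] : null;
}

// Constructed registry contents, based on the versions named in the post.
const published = ["1.2.4", "1.2.5", "1.2.6", "1.3.4", "1.3.5", "1.3.6"];

// Replays the four package.json edits in order, carrying the lock forward.
function replaySteps() {
  const steps = ["~1.2.4", "^1.2.4", "^1.3.4", "1.2.4"];
  let locked = null;
  return steps.map((range) => (locked = resolve(range, locked, published)));
}

console.log(replaySteps());
```

Moving a locked dependency to a newer in-range version takes `npm update` (or removing its lock entry); `npm ci` installs exactly what package-lock.json records and fails if package.json disagrees with it.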