Request to remove build dependencies in stable releases

As part of Security testing, the team reported vulnerability packages in the package-lock.json. We will not use those in runtime in production environments can we remove package.json and package-lock.json from the stable release to avoid this?
Also, I am attaching a patch for the same please review.