In npm 6.x and 7.x you can use
npm i --package-lock-only
According to the docs of npm v6, npm v7 or latest version:
The –package-lock-only argument will only update the package-lock.json, instead of checking node_modules and downloading dependencies.