If you're looking at some JavaScript code you got from elsewhere, probably Node.js packages, you'll notice each has a file called 'package.json'. This will be in the module's base or root directory. This file is a sort of manifest file for the module, most likely an npm module/package. Any package listed at npmjs.com needs a package.json, and the absolute minimum the file should contain is the package's name and version. The name and version make up a unique key for the package within npmjs.
The file usually contains much more than name and version. You can guess by the file extension that it's a JSON file, conforming to JSON standards, which means it's not exactly a full JavaScript object literal (JSON has some further constraints). The package name should be a normal alphanumeric identifier, which may contain dots and underscores but not as the first character.
The file often contains a list of 'dependencies' (as well as 'devDependencies'). This is relevant to users of the package because the dependencies get installed when you run npm install. The dependencies can simply be package names with versions which can be downloaded from npmjs.com or can be names of git (GitHub, but also BitBucket) repositories, or link to a tarball). The most flexibility and legibility comes with specifiying dependencies as package names and versions (versions can be minimum version, maximum version, a range, etc.). The npm command, npmjs.com, and packages downloaded from there, go hand in hand with the package.json file.
You don't need to create the package.json file by hand. You can let npm help with npm init, which will ask you some questions. Afterwards, you can edit the package.json file by hand, remembering to keep it in valid json format, and specifying package versions in the allowed formats.