The file often contains a list of 'dependencies' (as well as 'devDependencies'). This is relevant to users of the package because the dependencies get installed when you run
npm install. The dependencies can simply be package names with versions which can be downloaded from npmjs.com or can be names of git (GitHub, but also BitBucket) repositories, or link to a tarball). The most flexibility and legibility comes with specifiying dependencies as package names and versions (versions can be minimum version, maximum version, a range, etc.). The npm command, npmjs.com, and packages downloaded from there, go hand in hand with the package.json file.
You don't need to create the package.json file by hand. You can let npm help with
npm init, which will ask you some questions. Afterwards, you can edit the package.json file by hand, remembering to keep it in valid json format, and specifying package versions in the allowed formats.