When to use default.nix, e.g.: hyprlock

Literally anything. Could be a module, package expression, an expression that points at a package expression… hence one motivation for flakes was to standardise the interface a bit. Either way you would have to read the code to know what it does, anyway.

In this case it’s a package expression, which can be callPackage-d. More on that at Package parameters and overrides with callPackage — nix.dev documentation.

Other than that this seems like the same question as in Managing package repos - - `stable`, `unstable`, Flakes