Matched signals
- npm ci can only install packages when your package.json and package-lock.json
- npm error `npm ci` can only install packages when your
- package.json and package-lock.json are in sync
- missing package-lock.json
- npm ERR! cipm can only install packages
- package-lock.json does not exist
- run `npm install` to generate a lockfile
npm ci lockfile mismatch
What this failure means
npm ci found a missing or out-of-sync package-lock.json.
Symptoms
Faultline looks for one or more of these log fragments:
npm ci can only install packages when your package.json and package-lock.json
npm error `npm ci` can only install packages when your
package.json and package-lock.json are in sync
missing package-lock.json
npm ERR! cipm can only install packages
package-lock.json does not exist
run `npm install` to generate a lockfile
Diagnosis
npm ci installs strictly from the lockfile. If package.json and package-lock.json disagree, CI fails instead of regenerating dependencies on the fly.
Fix steps
-
Regenerate the lockfile locally:
npm install -
Commit the updated
package-lock.json. -
Make sure
package-lock.jsonis not ignored. -
If the repo uses workspaces, regenerate the lockfile from the workspace root with the same npm major version used in CI.
Validation
- Run
npm cilocally. - Re-run the CI job.
- Check that
package-lock.jsonstays unchanged after the install step.
Why it matters
Lockfile mismatches break reproducibility. Fixing the lockfile keeps local installs and CI installs on the same dependency graph.
Try it locally
npm ci
npm ci
How Faultline detects it
Use faultline explain npm-ci-lockfile to see the full playbook.
faultline analyze build.log
faultline explain npm-ci-lockfile
Generated from playbooks/bundled/log/build/npm-ci-lockfile.yaml. Do not edit directly.