pnpm lockfile mismatch or frozen install failed

What this failure means

The pnpm lockfile (pnpm-lock.yaml) is out of sync with package.json. CI uses --frozen-lockfile to ensure reproducible installs, so any discrepancy causes the install step to fail immediately.

Symptoms

Faultline looks for one or more of these log fragments:

ERR_PNPM_OUTDATED_LOCKFILE
ERR_PNPM_FROZEN_LOCKFILE
ERR_PNPM_LOCKFILE_VERSION
Cannot install with `frozen-lockfile`
pnpm-lock.yaml is not up to date
Lockfile is not up to date with
specifiers in the lockfile
don't match specs in package.json

Diagnosis

The pnpm lockfile (pnpm-lock.yaml) is out of sync with package.json. CI uses --frozen-lockfile to ensure reproducible installs, so any discrepancy causes the install step to fail immediately.

Fix steps

1. Run pnpm install locally to regenerate pnpm-lock.yaml.
2. Commit the updated pnpm-lock.yaml to the repository.
3. If using workspaces, run pnpm install from the workspace root.

Validation

• Re-run the local reproduction command after the fix.
• pnpm install
• git diff pnpm-lock.yaml

Why it matters

This happens when package.json dependencies are updated without running pnpm install to regenerate the lockfile, or when the lockfile is not committed after a dependency change.

Prevention

• Add a CI check: pnpm install --frozen-lockfile && git diff --exit-code pnpm-lock.yaml.
• Add a pre-commit hook that runs pnpm install when package.json changes.
• Use Renovate or Dependabot to keep the lockfile updated via automated PRs.

Try it locally

pnpm install
git diff pnpm-lock.yaml

How Faultline detects it

Use faultline explain pnpm-lockfile to see the full playbook.

faultline analyze build.log
faultline explain pnpm-lockfile

Generated from playbooks/bundled/log/build/pnpm-lockfile.yaml. Do not edit directly.