Yarn lockfile out of date

What this failure means

Yarn was run with --frozen-lockfile (the recommended CI flag) but the yarn.lock file is either missing or no longer matches package.json.

Symptoms

Faultline looks for one or more of these log fragments:

your lockfile needs to be updated
yarn.lock: No such file or directory
error your lockfile needs to be updated
YN0028
The lockfile would have been modified by this install
lockfile is frozen

Diagnosis

Yarn was run with --frozen-lockfile (the recommended CI flag) but the yarn.lock file is either missing or no longer matches package.json.

Fix steps

1. Run yarn install locally.
2. Commit the updated yarn.lock.
3. Ensure yarn.lock is not in .gitignore.
4. If the repository uses Yarn workspaces, regenerate the lockfile from the workspace root with the same Yarn version used in CI.

Validation

• Re-run the failing workflow step.
• Confirm the original failure signature for Yarn lockfile out of date is gone.

Why it matters

--frozen-lockfile prevents Yarn from modifying yarn.lock during install, ensuring reproducible builds. If dependencies were updated locally without committing the new lockfile, the CI job fails.

Prevention

• Commit yarn.lock to source control.
• Use yarn install --frozen-lockfile in CI to catch drift early.
• Add a Renovate or Dependabot configuration to keep dependencies up to date automatically.
• Pin the Yarn version through Corepack or the base image so lockfile behavior stays consistent across environments.

How Faultline detects it

Use faultline explain yarn-lockfile to see the full playbook.

faultline analyze build.log
faultline explain yarn-lockfile

Generated from playbooks/bundled/log/build/yarn-lockfile.yaml. Do not edit directly.