Dependabot "can't resolve your dependency files" in CI
Dependabot located the ecosystem you configured but could not parse a consistent dependency graph from the files in the target directory. Either the manifest is invalid, the lockfile is out of sync, or the directory in dependabot.yml points somewhere without a manifest.
What this error means
The Dependabot tab reports "Dependabot can't resolve your <ecosystem> dependency files" or "dependency file <path> not found", and the update run ends without opening PRs.
Dependabot can't resolve your JavaScript dependency files.
The dependency file "/frontend/package.json" was not found.Common causes
The directory in dependabot.yml is wrong
The directory: value does not contain the manifest for the ecosystem, so Dependabot reports the file as not found.
A malformed manifest or an out-of-sync lockfile
Invalid JSON/TOML/YAML in the manifest, or a lockfile that does not match it, stops Dependabot from building a resolvable graph.
How to fix it
Point directory at the real manifest location
- Confirm where the manifest lives relative to the repo root.
- Set
directoryto that path (usedirectoriesfor multiple roots). - Re-run "Check for updates" from the Dependabot tab.
updates:
- package-ecosystem: "npm"
directory: "/frontend"
schedule:
interval: "weekly"Repair the manifest and relock
Validate the manifest locally and regenerate the lockfile so it matches, then commit both. Dependabot resolves against a consistent pair.
npm install
git add package.json package-lock.jsonHow to prevent it
- Keep
directory(ordirectories) aligned with actual manifest paths. - Commit lockfiles that match their manifests.
- Validate manifest syntax in CI before merging changes to it.