Skip to content
Latchkey

NuGet "packages.lock.json is out of date" (NU1004) in CI

CI restored with --locked-mode, but the dependencies in your project no longer match the committed packages.lock.json. NuGet refuses to silently change the lock and fails instead.

What this error means

dotnet restore --locked-mode fails with NU1004 saying the lock file is inconsistent or out of date. It happens after someone changes a PackageReference without regenerating the lock file.

dotnet restore output
error NU1004: The packages lock file is inconsistent with the project dependencies
so restore can't be run in locked mode. Disable the RestoreLockedMode MSBuild property
or pass an explicit --force-evaluate option to run restore to update the lock file.

Common causes

Dependencies changed without re-locking

A PackageReference was added, removed, or bumped without regenerating packages.lock.json, so the lock and the project graph disagree.

Lock file not committed

If packages.lock.json is gitignored or stale, locked-mode restore in CI cannot reproduce the resolved set and flags the mismatch.

How to fix it

Regenerate and commit the lock file

Re-evaluate the graph to refresh the lock, then commit it.

Terminal
dotnet restore --force-evaluate
git add **/packages.lock.json && git commit -m "Update NuGet lock file"

Keep locked mode in CI

Restore in locked mode so a PR that changes dependencies without re-locking fails fast.

.github/workflows/ci.yml
dotnet restore --locked-mode
# or set in the project:
# <RestoreLockedMode>true</RestoreLockedMode>

How to prevent it

  • Run dotnet restore --force-evaluate after editing package references.
  • Commit packages.lock.json and enable RestorePackagesWithLockFile.
  • Use --locked-mode in CI to catch lock drift in pull requests.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →