Skip to content
Latchkey

GitHub Actions "Dependencies lock file is not found" (setup-node cache)

setup-node's built-in cache keys on a lockfile. If no package-lock.json, yarn.lock, or pnpm-lock.yaml is found at the expected path, it cannot compute the cache key and fails.

What this error means

The setup-node step fails with "Dependencies lock file is not found" listing the patterns it searched, usually when the lockfile lives in a subdirectory or was not committed.

github-actions
Error: Dependencies lock file is not found in /home/runner/work/repo/repo. Supported file patterns: package-lock.json, npm-shrinkwrap.json, yarn.lock

Common causes

Lockfile in a subdirectory

The project lives in a subfolder (monorepo package), but the cache search runs from the repo root and finds no lockfile there.

Lockfile not committed

package-lock.json / yarn.lock is gitignored or never committed, so checkout produces a tree with no lockfile to key on.

How to fix it

Point the cache at the real lockfile

  1. Set cache-dependency-path to the lockfile location.
  2. Commit the lockfile so it is present after checkout.
  3. For monorepos, pass the subdirectory path or a glob.
.github/workflows/ci.yml
- uses: actions/setup-node@v4
  with:
    node-version: 20
    cache: npm
    cache-dependency-path: packages/app/package-lock.json

How to prevent it

  • Commit lockfiles and keep them out of .gitignore.
  • Set cache-dependency-path for non-root projects.
  • Run checkout before setup-node so the lockfile exists.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →