Corepack "signature verification failed" in CI
Corepack verifies the integrity signature of the package-manager release it downloads. Verification failed because the Corepack bundled with your Node is older than the signing keys used for the requested pnpm/yarn version.
What this error means
corepack prepare or an auto-managed pnpm/yarn invocation fails with "Signature does not match" or "signature verification failed". It started after pinning a newer package-manager version with an older Node/Corepack.
Error: Cannot find matching keyid: {"signatures":[...]}
Internal Error: Signature does not match - corepack signature verification failedCommon causes
Stale Corepack bundled with Node
The Corepack version shipped with the pinned Node predates the signing keys for the requested package-manager release.
Pinned a very new package-manager version
packageManager points at a release signed with keys the old Corepack does not know.
How to fix it
Update Corepack
Install a newer Corepack that knows the current signing keys, then enable it.
npm install -g corepack@latest
corepack enable
corepack prepare pnpm@9.7.0 --activateUse a Node version with current Corepack
Bump the runner Node so its bundled Corepack matches the package-manager release you pin.
- Raise the Node version in the workflow.
- Align the packageManager field with a release that Node version can verify.
- Re-run corepack prepare to confirm verification passes.
How to prevent it
- Keep Corepack updated alongside the package-manager version you pin.
- Match the Node version to the package-manager release in packageManager.
- Avoid pinning a package-manager release newer than the runner Corepack can verify.