Skip to content
Latchkey

npm ci "can only install with an existing package-lock.json" - Fix in CI

npm ci is the clean, reproducible install for CI, and it deliberately requires a committed lockfile. Without one it refuses to guess a tree and aborts.

What this error means

The CI install step fails immediately with a message saying npm ci can only install with an existing package-lock.json or npm-shrinkwrap.json. Local npm install works because it can create the lockfile on the fly.

npm
npm ERR! The `npm ci` command can only install with an existing
npm ERR! package-lock.json or npm-shrinkwrap.json with lockfileVersion >= 1.
npm ERR! Run an install with npm@5 or later to generate a package-lock.json file.

Common causes

No lockfile is committed to the repo

package-lock.json is missing or gitignored, so the clean checkout in CI has nothing for npm ci to install from.

The lockfile is in a different workspace directory

In a monorepo the job may run npm ci in a subfolder that has no lockfile because hoisting keeps it at the root.

How to fix it

Generate and commit a lockfile

  1. Run npm install locally to produce package-lock.json.
  2. Remove package-lock.json from .gitignore if it is listed.
  3. Commit the lockfile so the CI checkout contains it.
Terminal
npm install
git add package-lock.json
git commit -m "Add package-lock.json"

How to prevent it

  • Always commit package-lock.json, run npm ci (not npm install) in CI, and point the install step at the directory that actually contains the lockfile.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →