Skip to content
Latchkey

npm ELOCKVERIFY / "Errors were found in your package-lock.json" - Fix in CI

A lockfile-verification failure means npm found package-lock.json internally inconsistent - missing entries, mismatched integrity, or merge damage - so it cannot trust the lock to install from.

What this error means

npm ci (or install) reports that errors were found in package-lock.json and asks you to run npm install to fix them. The lockfile is structurally broken, usually after a bad merge or a hand edit.

npm output
npm error `npm ci` can only install with an intact lock file.
npm error Errors were found in your package-lock.json, run npm install to fix them.
npm error     Invalid: lock file's lodash@4.17.20 does not satisfy lodash@4.17.21

Common causes

A merge-mangled or hand-edited lockfile

Resolving a package-lock.json conflict by hand, or editing it manually, easily produces an inconsistent tree npm cannot verify.

A truncated or partially written lockfile

A lockfile committed mid-write, or corrupted by a tool, fails verification because entries or integrity hashes are missing.

How to fix it

Regenerate the lockfile cleanly

Let npm rebuild a consistent lockfile, then commit it.

Terminal
rm -f package-lock.json
npm install            # regenerates a clean, verifiable lock
git add package-lock.json && git commit -m "chore: regenerate lockfile"

Keep CI on npm ci

  1. Resolve lockfile conflicts by regenerating, not editing.
  2. Commit the freshly generated lock so CI verifies the same tree.
  3. Add a drift check (npm install --package-lock-only + git diff --exit-code).

How to prevent it

  • Always regenerate the lockfile instead of hand-merging.
  • Commit a clean lock that passes npm ci.
  • Guard against lockfile drift in PRs.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →