npm ELOCKVERIFY / "Errors were found in your package-lock.json" - Fix in CI
A lockfile-verification failure means npm found package-lock.json internally inconsistent - missing entries, mismatched integrity, or merge damage - so it cannot trust the lock to install from.
What this error means
npm ci (or install) reports that errors were found in package-lock.json and asks you to run npm install to fix them. The lockfile is structurally broken, usually after a bad merge or a hand edit.
npm error `npm ci` can only install with an intact lock file.
npm error Errors were found in your package-lock.json, run npm install to fix them.
npm error Invalid: lock file's lodash@4.17.20 does not satisfy lodash@4.17.21Common causes
A merge-mangled or hand-edited lockfile
Resolving a package-lock.json conflict by hand, or editing it manually, easily produces an inconsistent tree npm cannot verify.
A truncated or partially written lockfile
A lockfile committed mid-write, or corrupted by a tool, fails verification because entries or integrity hashes are missing.
How to fix it
Regenerate the lockfile cleanly
Let npm rebuild a consistent lockfile, then commit it.
rm -f package-lock.json
npm install # regenerates a clean, verifiable lock
git add package-lock.json && git commit -m "chore: regenerate lockfile"Keep CI on npm ci
- Resolve lockfile conflicts by regenerating, not editing.
- Commit the freshly generated lock so CI verifies the same tree.
- Add a drift check (
npm install --package-lock-only+git diff --exit-code).
How to prevent it
- Always regenerate the lockfile instead of hand-merging.
- Commit a clean lock that passes
npm ci. - Guard against lockfile drift in PRs.