pnpm "ERR_PNPM_OUTDATED_LOCKFILE" with frozen-lockfile in CI
pnpm runs with --frozen-lockfile by default in CI. It compared pnpm-lock.yaml against every package.json and they disagree, so it refuses to update the lockfile and fails the job instead.
What this error means
pnpm install stops immediately with "ERR_PNPM_OUTDATED_LOCKFILE Cannot install with "frozen-lockfile" because pnpm-lock.yaml is not up to date with package.json" and names the workspace project that drifted.
ERR_PNPM_OUTDATED_LOCKFILE Cannot install with "frozen-lockfile" because pnpm-lock.yaml is not up to date with <ROOT>/package.json
Note that in CI environments this setting is true by default. If you still need to run install in such cases, use "pnpm install --no-frozen-lockfile"Common causes
A package.json changed without relocking
A dependency was added or bumped in a package.json but pnpm-lock.yaml was not regenerated and committed, so the two no longer match.
The lockfile was edited or partially committed
A merge resolved the manifest but not the lockfile, or the lockfile change was left out of the commit, leaving it out of date.
How to fix it
Relock locally and commit pnpm-lock.yaml
- Run
pnpm installlocally to regenerate the lockfile. - Commit the updated
pnpm-lock.yamlin the same change as the manifest edit. - Push so CI installs against a matching lockfile.
pnpm install
git add pnpm-lock.yaml
git commit -m "chore: update pnpm lockfile"Do not disable frozen-lockfile as a permanent fix
pnpm install --no-frozen-lockfile will silently rewrite the lockfile in CI, hiding drift and producing non-reproducible builds. Use it only to diagnose, then commit the result.
# diagnostic only - then commit the regenerated lockfile
pnpm install --no-frozen-lockfileHow to prevent it
- Always commit
pnpm-lock.yamlin the same commit as anypackage.jsonchange. - Keep
frozen-lockfileon in CI so drift fails fast instead of silently mutating. - Resolve lockfile conflicts by re-running
pnpm install, never by hand-editing the YAML.