Skip to content
Latchkey

pnpm ERR_PNPM_OUTDATED_LOCKFILE - Fix Frozen Lockfile Failure in CI

pnpm install in CI defaults to --frozen-lockfile, which refuses to modify pnpm-lock.yaml. If package.json no longer matches the lockfile, the install fails with ERR_PNPM_OUTDATED_LOCKFILE.

What this error means

pnpm install fails in CI with ERR_PNPM_OUTDATED_LOCKFILE, noting the lockfile is not up to date with one or more package.json files. Locally the same command would update the lockfile; in CI it is frozen by default.

pnpm output
ERR_PNPM_OUTDATED_LOCKFILE  Cannot install with "frozen-lockfile"
because pnpm-lock.yaml is not up to date with package.json

Note that in CI environments this setting is true by default.

Common causes

package.json changed without updating the lockfile

A dependency add/bump in package.json was not reflected in pnpm-lock.yaml, so the frozen install sees a mismatch.

The lockfile was not committed

The regenerated pnpm-lock.yaml was left uncommitted, so CI runs against a stale lockfile.

A workspace package.json changed

In a pnpm workspace, a change in any package’s package.json that the lockfile does not reflect triggers the error.

How to fix it

Update and commit pnpm-lock.yaml

Run install locally without the frozen flag to refresh the lockfile, then commit it.

Terminal
pnpm install         # updates pnpm-lock.yaml locally
git add pnpm-lock.yaml
git commit -m "chore: update pnpm-lock.yaml"

Catch drift in PRs

  1. Run pnpm install --frozen-lockfile in PR checks so drift fails early.
  2. Commit pnpm-lock.yaml with every package.json change.
  3. For workspaces, regenerate after any child package.json change.

How to prevent it

  • Always commit pnpm-lock.yaml with dependency changes.
  • Leave frozen-lockfile enabled in CI.
  • Regenerate the lockfile to resolve conflicts.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →