pnpm ERR_PNPM_OUTDATED_LOCKFILE - Fix Frozen Lockfile Failure in CI
pnpm install in CI defaults to --frozen-lockfile, which refuses to modify pnpm-lock.yaml. If package.json no longer matches the lockfile, the install fails with ERR_PNPM_OUTDATED_LOCKFILE.
What this error means
pnpm install fails in CI with ERR_PNPM_OUTDATED_LOCKFILE, noting the lockfile is not up to date with one or more package.json files. Locally the same command would update the lockfile; in CI it is frozen by default.
ERR_PNPM_OUTDATED_LOCKFILE Cannot install with "frozen-lockfile"
because pnpm-lock.yaml is not up to date with package.json
Note that in CI environments this setting is true by default.Common causes
package.json changed without updating the lockfile
A dependency add/bump in package.json was not reflected in pnpm-lock.yaml, so the frozen install sees a mismatch.
The lockfile was not committed
The regenerated pnpm-lock.yaml was left uncommitted, so CI runs against a stale lockfile.
A workspace package.json changed
In a pnpm workspace, a change in any package’s package.json that the lockfile does not reflect triggers the error.
How to fix it
Update and commit pnpm-lock.yaml
Run install locally without the frozen flag to refresh the lockfile, then commit it.
pnpm install # updates pnpm-lock.yaml locally
git add pnpm-lock.yaml
git commit -m "chore: update pnpm-lock.yaml"Catch drift in PRs
- Run
pnpm install --frozen-lockfilein PR checks so drift fails early. - Commit pnpm-lock.yaml with every package.json change.
- For workspaces, regenerate after any child package.json change.
How to prevent it
- Always commit pnpm-lock.yaml with dependency changes.
- Leave frozen-lockfile enabled in CI.
- Regenerate the lockfile to resolve conflicts.