Skip to content
Latchkey

Yarn Berry "YN0028: The lockfile would have been modified" in CI

Yarn Berry runs with --immutable in CI (via enableImmutableInstalls). It resolved dependencies, found the result would change yarn.lock, and refused because immutable installs forbid lockfile edits.

What this error means

yarn install fails with "YN0028: The lockfile would have been modified by this install, which is explicitly forbidden" during an immutable install in CI.

yarn
> YN0028: The lockfile would have been modified by this install, which is explicitly forbidden.
Error: The lockfile would have been modified by this install, which is explicitly forbidden.

Common causes

yarn.lock is out of date with package.json

A dependency changed but yarn.lock was not regenerated and committed, so an immutable install would need to rewrite it.

yarn.lock was not committed after a local install

The manifest change landed but the lockfile update was left uncommitted, so CI sees a stale lock.

How to fix it

Regenerate and commit yarn.lock

  1. Run yarn install locally (without --immutable) to update the lockfile.
  2. Commit the updated yarn.lock alongside the manifest change.
  3. Push so CI's immutable install matches.
Terminal
yarn install
git add yarn.lock
git commit -m "chore: update yarn.lock"

Keep --immutable in CI

Run installs immutably in CI so drift fails fast; do not switch to a mutable install to hide it.

.github/workflows/ci.yml
- run: yarn install --immutable

How to prevent it

  • Commit yarn.lock in the same commit as any dependency change.
  • Keep enableImmutableInstalls on in CI so drift is caught.
  • Resolve lock conflicts by re-running yarn install, not hand-editing.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →