npm ERR! code ELOCKVERIFY

Affected versions: npm v5.0.0 and newer (lockfile verification).

What This Error Means

npm verified the lockfile or dependency tree, and the result does not match what it expected.

How to Fix It

  1. If you have a lockfile, regenerate it intentionally (delete node_modules, then run npm install).
  2. Commit the lockfile changes and keep npm versions consistent across dev and CI.
  3. If this happens only in CI, ensure CI uses the same Node/npm versions as local.

Why It Happens

  • package-lock.json is out of sync with package.json (or was manually edited).
  • Different npm versions generated different lockfile formats and metadata.
  • A proxy registry served inconsistent metadata during lockfile generation.

How to Verify

  1. Run npm ci (only if package-lock.json exists) and confirm verification succeeds.
  2. Run npm ls and confirm the tree is consistent.

Manual checksum validation

  1. Confirm lockfile exists and is not malformed: node -e "JSON.parse(require(\"fs\").readFileSync(\"package-lock.json\",\"utf8\")); console.log(\"ok\")".
  2. Compare npm versions: node -v and npm -v (local vs CI).
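
Beyond confirming that the file parses, the package.json/lockfile sync and the presence of integrity hashes can be scripted. The Node.js function below is an added example, not npm's own code: it is a simplified check of the lockfile's root entry and per-package fields, whereas npm compares the full resolved tree. The package names, registry.example URLs and hash value are constructed.

```javascript
// Added example, not npm's own code: compare a parsed package.json with a
// parsed package-lock.json (lockfileVersion 2 or 3) and list what is out of sync.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies']

function checkLockSync (pkg, lock) {
  const packages = lock.packages
  if (!packages || !packages['']) {
    // lockfileVersion 1 has no "packages" map; this check does not cover it
    return ['lockfile has no packages[""] entry (lockfileVersion 1 or malformed)']
  }
  const issues = []
  const root = packages[''] // root entry mirrors package.json's declared ranges
  for (const field of DEP_FIELDS) {
    const declared = pkg[field] || {}
    const locked = root[field] || {}
    for (const name of new Set([...Object.keys(declared), ...Object.keys(locked)])) {
      if (!(name in declared)) {
        issues.push(`${field}: ${name} is in the lockfile but not in package.json`)
      } else if (declared[name] !== locked[name]) {
        issues.push(`${field}: ${name} is "${declared[name]}" in package.json, ` +
          `"${locked[name] ?? 'absent'}" in the lockfile`)
      } else if (!packages[`node_modules/${name}`]) {
        issues.push(`${field}: ${name} has no node_modules/${name} lockfile entry`)
      }
    }
  }
  for (const [path, entry] of Object.entries(packages)) {
    // Only installed packages carry hashes; links and bundled deps do not
    if (!path.includes('node_modules/') || entry.link || entry.inBundle) continue
    if (!entry.resolved || !/^sha(1|256|384|512)-/.test(entry.integrity || '')) {
      issues.push(`${path}: missing "resolved" or "integrity"`)
    }
  }
  return issues
}

// Constructed sample: package.json was bumped by hand and one entry lost its hash
const samplePkg = { dependencies: { 'left-pad': '^1.3.0', lodash: '^4.17.21' } }
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { 'left-pad': '^1.2.0', lodash: '^4.17.21' } },
    'node_modules/left-pad': { version: '1.2.0', resolved: 'https://registry.example/left-pad-1.2.0.tgz', integrity: 'sha512-CONSTRUCTEDPLACEHOLDER' },
    'node_modules/lodash': { version: '4.17.21', resolved: 'https://registry.example/lodash-4.17.21.tgz' }
  }
}
console.log(checkLockSync(samplePkg, sampleLock))
```

To run it against a real project, pass the results of JSON.parse on package.json and package-lock.json instead of the sample objects.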

Common CLI Output

npm ERR! code ELOCKVERIFY
npm ERR! Errors were found in your package-lock.json, run npm install to fix them.

How npm verifies package integrity

  1. npm uses the lockfile to produce a deterministic dependency tree in CI.
  2. When lockfile metadata is inconsistent or generated by different toolchains, verification can fail.
  3. Keeping Node/npm versions aligned reduces lockfile drift.

Prevention Tips

  • Pin Node/npm versions in CI.
  • Avoid manual lockfile edits.
  • Use a stable proxy/cache registry to reduce metadata drift.

Where This Can Be Triggered

github.com/npm/cli/blob/417daa72b09c5129e7390cd12743ef31bf3ddb83/lib/commands/ci.js

This is the lockfile verification path used by npm ci. Lockfile/package.json mismatches are detected here and can surface as ELOCKVERIFY in CLI output.

    // verifies that the packages from the ideal tree will match
    // the same versions that are present in the virtual tree (lock file)
    // throws a validation error in case of mismatches
    const errors = validateLockfile(virtualInventory, arb.idealTree.inventory)
    if (errors.length) {
      throw this.usageError(
        '`npm ci` can only install packages when your package.json and ' +
