90

This is the issue that I am facing when running the command npm ci to install dependencies in my GitHub Action file.

I am working on an expo managed app and using GitHub Actions as a CI for triggering builds whenever I push my code to developmemt branch.

Here's my build script:

name: EAS PIPELINE
on:
  push:
    branches:
      - development
  workflow_dispatch:

jobs:
  build:
    name: Install and build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v1
        with:
          node-version: 14.x

      - name: Setup Expo
        uses: expo/expo-github-action@v6
        with:
          expo-version: 4.x
          token: ${{ secrets.EXPO_TOKEN }}
          expo-cache: true

      - name: Install dependencies
        run: npm ci

      - name: Build on EAS
        run: EAS_BUILD_AUTOCOMMIT=${{1}} npx eas-cli build --platform all --non-interactive

Here's the issue that I am facing Install dependencies step.

Run npm ci
  npm ci
  shell: /usr/bin/bash -e {0}
  env:
    EXPO_TOKEN: ***
npm ERR! cipm can only install packages with an existing package-lock.json or npm-shrinkwrap.json with lockfileVersion >= 1. Run an install with npm@5 or later to generate it, then try again.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2021-10-28T15_16_06_934Z-debug.log
Error: Process completed with exit code 1.
Improve this question
0

21 Answers 21

Reset to default
58

After a lot of research, I was able to figure out that this happens when you are not using npm install for installing dependencies. In my case, I was only using yarn for the dependencies so I was only having yarn.lock file and no package-lock.json file.

  • One way to resolve this was using npm install to install the dependencies, then you'll have a package-lock.json file and CI won't throw any error.

  • And the other way if you only want to use yarn, then you need to update that step in your eas-pipeline.yml file for installing the dependencies.

*****************************************************************************************

      - name: Install dependencies
        run: |
          if [ -e yarn.lock ]; then
          yarn install --frozen-lockfile
          elif [ -e package-lock.json ]; then
          npm ci
          else
          npm i
          fi

***************************************************************************************

As I wasn't able to find any solution on StackOverflow and it is our first go-to place to look for any issue. So, I decided to write this answer here.

Here's the original answer: https://github.com/facebook/docusaurus/issues/2846#issuecomment-691706184

Improve this answer
1
  • 5
    Unless you want to write some generic install script that works in multiple scenarios, you probably want to stick with either yarn or npm but not mix the two. If you use npm install locally, use yarn install --frozen-lockfile in CI.
    – rethab
    Commented Nov 16, 2021 at 7:36
43

I had a similar error:

`npm ci` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with `npm install` before continuing.

with a bunch of missing dependency names following this error.

I would run npm ci locally and it would run successfully. However, it would give me the error above when npm ci is run in the CI pipeline and in my case it was because of the version difference of the Node.js installed in the environment that Jenkins pipeline is running in.

My local Node version was 16.x and in Jenkins container it was 12.x.

Upgrading it fixed.

Improve this answer
6
  • 2
    We had the same thing happen. I'm theorizing a new version of npm is being a little stricter on how it checks compatibility. We're using overrides, and some of our developers didn't have a version of npm that respects the overrides in package.json.
    – StriplingWarrior
    Commented Apr 13, 2022 at 22:08
  • 1
    Had the same thing too. Something between npm version 8 and 8.5 seemed to be breaking the build in the same way as you in GitHub Actions. In my case specifying node-version: '17.9.0' which uses npm 8.5.5 to the workflow fixed it. Thank you for the heads up.
    – user115014
    Commented Jun 16, 2022 at 15:31
  • 1
    The same thing happened here, I had 16.3.2, and CI was 16 :shrug:
    – ncubica
    Commented Aug 8, 2022 at 5:24
  • Downgrading my node js version to 16.0.0 worked for me
    – Rex Omiv
    Commented Sep 22, 2022 at 1:44
  • Similar story for me. I had node 16.14..0 and npm 8.3.1 in my development environment, where I ran npm install. The CI box had node 16.17.1 and npm 8.15.0 installed. So something has changed in npm between 8.3 and 8.15. I upgraded my development environment to be the same version as the CI environment and it built successfully.
    – John Jeffery
    Commented Oct 9, 2022 at 0:47
34

This same thing happened to me, and I couldn't figure it out for the longest time. It turns out that I had legacy-peer-deps=true set globally, and I had no idea.

This caused my npm install command to alter the package-lock.json in a way that broke the build on our CI server. I reset package-lock.json with the version from master, removed that npm config, and reinstalled. Everything worked fine after that.

Improve this answer
5
  • For what it's worth this was the issue that was the cause for me and my team. Removing or disabling the legacy-peer-deps setting made my local like CI. Thanks Spencer
    – Zander
    Commented Oct 11, 2022 at 8:46
  • 6
    Thanks this was my issue. I had legacy-peer-deps=true in my .npmrc file.
    – Andrew Winter
    Commented Nov 9, 2022 at 4:43
  • I wasted hours searching for the cause of my error only to find this. You're a life saver! More like a time saver! haha. Thank you!
    – Xander Selorm
    Commented Nov 17, 2022 at 13:42
  • Unfortunately I didn't find this before solving on my own. For what it's worth, the same is true for any other npm settings, they have to be identical.
    – liakoyras
    Commented Jul 4, 2023 at 10:17
  • Thanks a ton. This was causing the issue for me as well.
    – dSebastien
    Commented May 14 at 7:03
27

It looks like your package.json and package-lock.json is not synced.

Try to run this npm install --package-lock-only. It will generate package-lock.json that is synced on your package.json

Improve this answer
1
  • Ensuring the package.json and package-lock.json are synced is the simplest solution here so, while it might not work for everyone, this is what I would try first. I deleted my package-lock.json and then did npm install and after that npm ci worked fine.
    – Robert Bracco
    Commented Jul 28, 2023 at 12:42
13

Old post, but I found this while searching for this same error. In my case I did have a package-lock.json file in my root directory. However, when opening it, I realized that there was a JSON syntax error that slipped in during a previous merge conflict. After running npm i again the file was fixed. The npm ERR! The 'npm ci' command can only install with an existing package-lock.json wasn't a super helpful error in that case.

Improve this answer
1
  • 1
    Agreed, just experienced this. It would be better if npm warned of a detected package-lock.json that is unparseable.
    – Nabil Freeman
    Commented Jun 26, 2023 at 13:23
10

I struggled for about 5 hours with AWS Amplify because apparently my package-lock.json and package.json were not synced up; nothing I did with my own code fixed the issue (even deleting the package-lock.json), what ended up working was changing my preBuild settings inside of the App build specification inside the Build Settings tab of the Amplify page.

My yml file ended up looking like this:

version: 1
frontend:
  phases:
    preBuild:
      commands:
        - npm install --package-lock-only
        - npm ci
    build:
      commands:
        - npm run build
  artifacts:
    baseDirectory: build
    files:
      - '**/*'
  cache:
    paths:
      - node_modules/**/*

noteably the only difference from the default is including -npm install --package-lock-only to sync up the files inside AWS. Maybe a bit obvious, but I got stuck on it for a few hours and hope I can help someone out down the line.

Improve this answer
2
  • 1
    Thank you mate. Same on local docker env
    – Sergey Romanchuk
    Commented Aug 10, 2023 at 10:46
  • 2
    Downvote because this defeats the purpose of using npm ci in the first place. This updates your package-lock.json to match your package.json, which is what npm ci is intended to avoid. You may as well just use npm install instead.
    – robere2
    Commented Jan 7 at 18:09
5

In my case I was running into this same issue when attempting to deploy it to Firebase. when I ran firebase deploy --only functions it would produce this error and fail to properly deploy the function. I attempted all of the steps here. Deleting package-lock.json then running npm i did not work. Upgrading then downgrading my node version with a node version manager (nvm) did not work.

What finely worked was deleting the package-lock.json file and not running npm install afterwards. When I ran firebase deploy --only functions it successfully deployed.

BE AWARE: Although this solution worked for me, it can lead to other complications further down the line.

Improve this answer
1
  • Nothing else in this list worked for me but this. Thanks. A night before I deployed successfully, then a small change triggered all this issue.
    – Ernesto Vallejo García
    Commented Nov 17, 2023 at 17:43
3

For the people who has this issue on AWS Amplify. You might have to run npm install and commit the package-lock.json file, then deploy again.

Improve this answer
0
3

After battling with this issue for about 2 days, It's finally deploying successfully to Firebase Functions after deleting package-lock.json from both the src and src/functions folders.

Improve this answer
2

If you're using pnpm, you install node dependencies via this step:

      - name: Install Node.js dependencies
        run: |
          npm i -g pnpm
          pnpm i
Improve this answer
2

This occurred because the package lock file was not generated with npm, despite the fact that the npm ci requires npm to install the packages. And because npm requires package-lock.json, we get this error. To fix this error for GitHub actions, this what I did:

    - run: yarn install --frozen-lockfile
    - run: yarn lint
    - run: yarn test:ci

Commit diff:

enter image description here

Improve this answer
1

In my case, I had this error with npm ci while using Yarn. I eventually figured out the version of Node I was using wasn't supported. I did the following:

  • node -v to confirm my node version (18.0.1)
  • nvm use 16.13.0
  • Delete the node_modules directory
  • Delete yarn.lock
  • Run yarn
  • Run yard add + package names

After this, the error no longer occurred and the app deployed correctly.

Improve this answer
1

If you have regenerated your package-lock.json file and you're still getting the same error consider the following:

  1. Ensure you are using the same node versions across environments

  2. Regenerate the package-lock.json file with the same version you're using in your CI or docker. i.e. npm install --package-lock-only

  3. Check your .npmrc, in my case, it was because --legacy-per-deps=true when I was trying to npm audit --fix

Improve this answer
1

It took a combination of a few different things for me:

  • delete node_modules folder and package-lock.json file
  • run npm cache clean --force
  • update package.json to include engines which match the CI environment:
  // package.json
  "engines": {
    "node": "18.20.2",
    "npm": "10.5.0"
  },
  • make sure the correct node version was installed and being used (nvm install 18.20.2 && nvm use 18.20.2)
  • run npm install
  • commit and push the changes in the package-lock.json file
Improve this answer
0

This happens sometimes because of the version difference of the Node.js installed in the environment that the pipeline is running in. To fixe this, I ran: $ firebase init hosting:github then type Y to set up workflow when asked to. finally, add "npm i" as one of the scripts to run before deploying like this: npm i && npm ci && npm run build

Improve this answer
0

I was using npm package manager and migrated to yarn package manager removing package-lock.json file.

I had this configuration in my .circleci/config.yml file

- node/install-packages

changed to

- node/install-packages:
          pkg-manager: yarn
Improve this answer
2
  • Not really a solution for "making npm work"
    – sean
    Commented Aug 3, 2022 at 12:44
  • you are right the solution is not to make npm work but I saw a similar error message when I migrated my project from npm to yarn that is why I thought it was important adding this comment here
    – cristian.nieto.dev
    Commented Aug 18, 2022 at 17:51
0

In my case the problem were some 'extraneous' packages, concretely local path dependencies. After removing them from package.json the problem was solved.

I got the error message while running npm install instead of npm ci.

Improve this answer
0

On package.json I change this :

"overrides": {
    "trim-newlines": "^3.0.1"
 },

to : `

"overrides": {
    "trim-newlines": "^1.0.0"
  }

`

That Work for me successfully.

Improve this answer
0

My problem was: I have changing some dependencies in package.json, so package.json didnt matches packages.lock.json. This was the error.

Improve this answer
-1

deleting deploy.json helped me, since the token is updated when overwritten

rm ~/.config/configstore/@vkontakte/vk-miniapps-deploy.json

but I have other services

Improve this answer
-1

I had a similar problem deploying to heroku. I simply deleted the existing package-lock.json file and then ran

    npm install

Merging the new lock file fixed the deploy.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.