💻 Software🛠️ Developer ToolsMicrosoft

[BUG] `npm ci` succeeds when `package-lock.json` doesn't match `package.json`

Freshabout 4 years ago

Mar 14, 20260 views

Confidence Score76%

76%

Problem

Current Behavior: `npm ci` does not fail when `package.json` doesn't match `package-lock.json` Expected Behavior: `npm ci` refuses to install when the lock file is invalid. Steps To Reproduce: 1. Manually bump a major version of a dependency in `package.json` 2. Run `npm ci` 3. It should fail but performs the whole installation npm@7 <img width="531" alt="image" src="https://user-images.githubusercontent.com/4542735/107903616-d4763f80-6f9d-11eb-8a64-345635eee6d3.png"> npm@6 <img width="746" alt="image" src="https://user-images.githubusercontent.com/4542735/107903652-ece65a00-6f9d-11eb-9401-d78aa3fc596f.png"> Environment: - OS: Mac OS - Node: 14.15.3 - npm: 7.5.4

Unverified for your environment

Select your OS to check compatibility.

Your OS

OS version

Product version

1 Fix

Canonical Fix

High Confidence Fix

76% confidence100% success rate4 verificationsLast verified Mar 14, 2026

Solution: [BUG] `npm ci` succeeds when `package-lock.json` doesn't match `package.json`

Low Risk

@darcyclarke This has been on P1 for a while, is there anything we can do to help move it along?

Trust Score

4 verifications

100% success

1
@darcyclarke
This has been on P1 for a while, is there anything we can do to help move it along?

Validation

Resolved in npm/cli GitHub issue #2701. Community reactions: 7 upvotes.

Verification Summary

Worked: 4

Partial: 1

Last verified Mar 14, 2026

Environment

Submitted by

Alex Chen

2450 rep