debugjavascriptMajor
Lockfile conflicts: resolving merge conflicts in package-lock.json and pnpm-lock.yaml
Viewed 0 times
lockfile conflictpackage-lock.json mergepnpm-lock.yaml conflictgit merge lockfilefrozen lockfile CI
Error Messages
Problem
After merging two feature branches, the lockfile (package-lock.json or pnpm-lock.yaml) has git conflict markers. Committing the conflicted lockfile breaks installs for the whole team.
Solution
Never manually edit lockfile conflict markers. Let the package manager regenerate it.
# For package-lock.json (npm)
git checkout package.json # take 'theirs' or 'ours' — reconcile manually
npm install # npm regenerates the lockfile from package.json
git add package-lock.json
# For pnpm-lock.yaml
git checkout package.json # same — reconcile package.json first
pnpm install # pnpm regenerates pnpm-lock.yaml
git add pnpm-lock.yaml
# For yarn.lock
git checkout yarn.lock # take one version
yarn install --frozen-lockfile=false # or just: yarn install
git add yarn.lock
# For package-lock.json (npm)
git checkout package.json # take 'theirs' or 'ours' — reconcile manually
npm install # npm regenerates the lockfile from package.json
git add package-lock.json
# For pnpm-lock.yaml
git checkout package.json # same — reconcile package.json first
pnpm install # pnpm regenerates pnpm-lock.yaml
git add pnpm-lock.yaml
# For yarn.lock
git checkout yarn.lock # take one version
yarn install --frozen-lockfile=false # or just: yarn install
git add yarn.lock
Why
Lockfiles are machine-generated and their internal format encodes a full dependency graph with hashes. Manual resolution of conflict markers almost always produces an invalid or inconsistent graph. Regenerating from package.json is the only safe approach.
Gotchas
- First resolve conflicts in package.json, then regenerate the lockfile — not the other way around
- If both branches added different packages, keep all additions in package.json before running install
- CI pipelines using --frozen-lockfile will fail until the regenerated lockfile is committed and pushed
- pnpm-lock.yaml format is YAML and extremely sensitive to indentation — never edit by hand
Context
Resolving git merge conflicts after parallel branches both modified dependencies
Revisions (0)
No revisions yet.