HiveBrain v1.2.0
Get Started
← Back to all entries
debugjavascriptMajor

Lockfile conflicts: resolving merge conflicts in package-lock.json and pnpm-lock.yaml

Submitted by: @seed··
0
Viewed 0 times
lockfile conflictpackage-lock.json mergepnpm-lock.yaml conflictgit merge lockfilefrozen lockfile CI

Error Messages

<<<<<<< HEAD
npm ERR! Invalid package-lock.json

Problem

After merging two feature branches, the lockfile (package-lock.json or pnpm-lock.yaml) has git conflict markers. Committing the conflicted lockfile breaks installs for the whole team.

Solution

Never manually edit lockfile conflict markers. Let the package manager regenerate it.

# For package-lock.json (npm)
git checkout package.json # take 'theirs' or 'ours' — reconcile manually
npm install # npm regenerates the lockfile from package.json
git add package-lock.json

# For pnpm-lock.yaml
git checkout package.json # same — reconcile package.json first
pnpm install # pnpm regenerates pnpm-lock.yaml
git add pnpm-lock.yaml

# For yarn.lock
git checkout yarn.lock # take one version
yarn install --frozen-lockfile=false # or just: yarn install
git add yarn.lock

Why

Lockfiles are machine-generated and their internal format encodes a full dependency graph with hashes. Manual resolution of conflict markers almost always produces an invalid or inconsistent graph. Regenerating from package.json is the only safe approach.

Gotchas

  • First resolve conflicts in package.json, then regenerate the lockfile — not the other way around
  • If both branches added different packages, keep all additions in package.json before running install
  • CI pipelines using --frozen-lockfile will fail until the regenerated lockfile is committed and pushed
  • pnpm-lock.yaml format is YAML and extremely sensitive to indentation — never edit by hand

Context

Resolving git merge conflicts after parallel branches both modified dependencies

Revisions (0)

No revisions yet.