This error occurs when npm commands like 'npm ci' or 'npm audit' cannot find a package-lock.json file in your project. The lock file is required to ensure reproducible installations across environments.
npm ERR! code ENOLOCKFILE indicates that the package-lock.json file is missing from your project directory. This file is critical because it locks all dependency versions to ensure every environment installs identical packages. The error most commonly occurs when running npm ci (clean install) in CI/CD pipelines, which strictly requires an existing lock file. Without package-lock.json, npm cannot guarantee reproducible builds—different environments might install different dependency versions, leading to unexpected behavior or bugs.
Run npm install to create or update the lock file. This is the primary solution if the file never existed.
npm installThis command reads your package.json and generates a package-lock.json containing exact versions of all dependencies.
After generating the lock file, add it to git and commit. This makes the file available to other developers and CI/CD systems.
git add package-lock.json
git commit -m "Add package-lock.json"
git pushThe lock file should always be committed alongside package.json.
Check your .gitignore file to ensure package-lock.json is not being ignored:
cat .gitignore | grep package-lockIf you see package-lock.json listed in .gitignore, remove that line. The lock file is essential and should be tracked.
Verify that npm is configured to generate lock files. Check your .npmrc file and global npm settings:
cat .npmrc
npm config get package-lockIf package-lock is set to false, enable it:
npm config set package-lock truenpm ci (clean install) is the recommended command for CI/CD pipelines because it installs exactly what's in package-lock.json without modifying it. npm install, by contrast, can update package-lock.json if versions don't satisfy constraints. For production deployments, always use npm ci with an existing package-lock.json to guarantee reproducible builds. If your project uses yarn instead of npm, you'll have yarn.lock instead of package-lock.json—these are not interchangeable.
npm ERR! code E401 npm ERR! 401 Unauthorized - Token has expired
Token has expired - npm authentication failure
npm ERR! code EAI_NODATA npm ERR! errno EAI_NODATA npm ERR! getaddrinfo EAI_NODATA registry.npmjs.org
How to fix "npm ERR! code EAI_NODATA - getaddrinfo EAI_NODATA"
npm ERR! code EMPTYPACKAGE npm ERR! Package contains no files
How to fix 'npm ERR! code EMPTYPACKAGE' - Package contains no files
npm ERR! code EWORKSPACEMISSING npm ERR! Workspace does not exist: packages/missing
How to fix "npm ERR! code EWORKSPACEMISSING - Workspace does not exist" error
npm ERR! code EADDRNOTAVAIL npm ERR! errno EADDRNOTAVAIL npm ERR! Address not available
How to fix "npm ERR! code EADDRNOTAVAIL - Address not available" error