ci: add lock file sync validation to prevent confusing npm install failures #6169

Open
Sekar-C-Mca wants to merge 1 commit into sugarlabs:master from Sekar-C-Mca:fix/issue-2-lockfile-validation

@Sekar-C-Mca Sekar-C-Mca commented Mar 9, 2026

Problem

When developers update package.json but forget to run npm install locally before pushing, CI workflows fail with cryptic npm ETARGET errors that don't explain the real issue. Developers waste time debugging npm registry problems when the actual solution is simple: update the lock file.

Previously saw:

npm error code ETARGET
npm error notarget No matching version found for gulp@^6.0.0

This misleading error wastes debugging time.

Solution

Add pre-installation validation to E2E, Lighthouse, and Jest workflows that detects when package-lock.json is out of sync with package.json. If detected, workflows fail immediately with a clear, actionable error message.

New behavior shows:

ERROR: package-lock.json is out of sync with package.json

This usually means package.json was modified but package-lock.json was not updated.

To fix this, run the following commands locally and commit the changes:
  1. npm install
  2. git add package-lock.json
  3. git commit -m 'chore: update lock file'
  4. git push

What's Changed

Added lock file sync validation step to:

  • .github/workflows/pr-cypress-e2e.yml (E2E Tests)
  • .github/workflows/lighthouse-ci.yml (Lighthouse CI)
  • .github/workflows/pr-jest-tests.yml (Jest Tests)

Testing

Tested in fork with two scenarios:

Test 1 - With Lock File Mismatch (PR #4)

  • Created PR with intentional package.json change without updating lock file
  • Result: Validation correctly detected mismatch
  • Result: Clear error message displayed with step-by-step fix instructions
  • Result: Cryptic npm ETARGET errors prevented

Test 2 - With Clean Lock Files (PR #5)

  • Created PR with no lock file issues
  • Result: Validation passes, workflows continue normally
  • Result: Jest Tests PASSED, Security Scans PASSED

Impact

  • Improves developer experience with clear, actionable error messages
  • Fails fast with correct diagnosis instead of confusing npm errors
  • Reduces debugging time for contributors unfamiliar with npm lock mechanisms
  • Works for both PRs and push events
  • Minimal performance impact (npm ci --dry-run only)

PR Category

  • Bug Fix
  • Feature
  • Performance
  • Tests
  • Documentation

…ilures

Add pre-installation validation step in E2E, Lighthouse, and Jest workflows to detect when package-lock.json is out of sync with package.json. This provides clear, actionable error messages instead of cryptic npm ETARGET errors.

Affected workflows:
- pr-cypress-e2e.yml (E2E Tests)
- lighthouse-ci.yml (Lighthouse Performance Audit)
- pr-jest-tests.yml (Jest Unit Tests)

When lock files are mismatched, workflows now fail with:
- Clear error message explaining the problem
- Step-by-step instructions to fix it locally
- Guidance to run npm install and commit the lock file

This improves developer experience by eliminating confusion about npm registry vs lock file sync issues.
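
As an added example (not part of this pull request or the project's workflows), the Node.js sketch below approximates the sync check offline by comparing the ranges in package.json with the copy stored in the root entry of a lockfileVersion 2 or 3 package-lock.json. `findLockDrift` and the sample data are hypothetical; the PR itself relies on `npm ci --dry-run`.

```javascript
// Added example, not the PR's workflow step: an offline approximation of
// the sync check. findLockDrift is a hypothetical helper name.
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

function findLockDrift(pkg, lock) {
  const root = lock.packages && lock.packages[""];
  if (!root) {
    return ["lock file has no root package entry (lockfileVersion 2 or 3 expected)"];
  }
  const problems = [];
  for (const field of DEP_FIELDS) {
    const declared = pkg[field] || {};
    const locked = root[field] || {};
    for (const [name, range] of Object.entries(declared)) {
      if (!(name in locked)) {
        problems.push(`${field}: ${name}@${range} is not in the lock file`);
      } else if (locked[name] !== range) {
        problems.push(`${field}: ${name} is ${range} in package.json, ${locked[name]} in the lock file`);
      } else if (!lock.packages[`node_modules/${name}`]) {
        problems.push(`${field}: ${name} has no resolved entry in the lock file`);
      }
    }
    for (const name of Object.keys(locked)) {
      if (!(name in declared)) {
        problems.push(`${field}: ${name} is locked but no longer in package.json`);
      }
    }
  }
  return problems;
}

// Constructed sample data: package.json was bumped, the lock file was not.
const samplePkg = {
  name: "demo", version: "1.0.0",
  devDependencies: { gulp: "^6.0.0", jest: "^29.7.0" },
};
const sampleLock = {
  name: "demo", version: "1.0.0", lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0", devDependencies: { gulp: "^4.0.2", jest: "^29.7.0" } },
    "node_modules/gulp": { version: "4.0.2", dev: true },
    "node_modules/jest": { version: "29.7.0", dev: true },
  },
};

for (const line of findLockDrift(samplePkg, sampleLock)) {
  console.log("ERROR: " + line);
}
```

An empty result means the declared ranges match the lock file's root entry; it does not verify registry availability or integrity hashes.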

github-actions bot commented Mar 9, 2026

❌ Some Jest tests failed. Please check the logs and fix the issues before merging.

Failed Tests:

GraphicsBlocks.test.js

@github-actions github-actions bot added the performance Improves performance (load time, memory, rendering) label Mar 9, 2026