Fixing out of sync project warning
You may receive one of the following errors in the CLI (including IDE or CI/CD):
Your package.json and yarn.lock are probably out of sync. Please run "yarn install" and try again.
Your package.json and package-lock.json are probably out of sync. Please run "npm install" and try again.
What does this mean?
Out of sync lock file
Sometimes a project may become out of sync between the lockfile and the manifest file. This might happen if the package.json is modified/updated, but the lockfile is not.
If a Snyk test detects this, you will receive a warning that some dependencies cannot be tested until the files are back in sync. To resolve this, run npm install or yarn install and make sure the default branch of the project has the fully synced-up lockfile pushed to it.
In some cases, it may be necessary to delete the node_modules folder and the package-lock.json and run npm install again to force a full reinstall.
You can also use the following argument to ignore out of sync errors:
--strict-out-of-sync=false
Unsupported lockfile version (npm)
If the out of sync error is not resolved even with a successful npm install, please check your lockfile version. If the version of the lockfile created is not currently supported, you may need to force a backward compatible lockfile version with npm install --lockfile-version=<versionnumber>.
For example:
npm install --lockfile-version=2
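The following added example (not Snyk's code) is a simplified Node.js check for the two conditions described above: package.json entries that the lockfile does not reflect, and a lockfileVersion outside a supported set. The supported set [1, 2], the function name and the sample data are assumptions constructed for illustration.

```javascript
// Added example: simplified lockfile/manifest sync check (not Snyk's implementation).
// Inputs are the parsed contents of package.json and package-lock.json.
const SUPPORTED_LOCKFILE_VERSIONS = [1, 2]; // assumption: adjust to the current support matrix

function findSyncIssues(manifest, lock) {
  const issues = [];
  const version = lock.lockfileVersion || 1;
  if (!SUPPORTED_LOCKFILE_VERSIONS.includes(version)) {
    issues.push(`lockfileVersion ${version} is outside the assumed supported set`);
  }
  // v2/v3 lockfiles copy the manifest's declared ranges into packages[""].
  const root = lock.packages ? lock.packages[""] || {} : null;
  for (const field of ["dependencies", "devDependencies"]) {
    for (const [name, range] of Object.entries(manifest[field] || {})) {
      // v2/v3 key installed packages by path; v1 keys them by name.
      const locked = lock.packages
        ? lock.packages[`node_modules/${name}`]
        : (lock.dependencies || {})[name];
      if (!locked) {
        issues.push(`${name}: declared in package.json but missing from lockfile`);
        continue;
      }
      const recorded = root && (root[field] || {})[name];
      if (root && recorded !== range) {
        issues.push(`${name}: package.json wants ${range}, lockfile recorded ${recorded}`);
      }
    }
  }
  return issues;
}

// Constructed sample data: the "lodash" range was edited and "express" was
// added to package.json without re-running npm install.
const sampleManifest = {
  dependencies: { lodash: "^4.17.21", express: "^4.18.2" },
};
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { lodash: "^4.17.20" } },
    "node_modules/lodash": { version: "4.17.20" },
  },
};

const sampleIssues = findSyncIssues(sampleManifest, sampleLock);
sampleIssues.forEach((issue) => console.log(issue));
```

Running a check like this in CI before the scan surfaces the drift directly, rather than suppressing it with --strict-out-of-sync=false.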
NPM9, Lockfile version 3, and Workspaces
Git (SCM) support for npm9, lockfile version 3, and npm workspaces is currently in beta. If you are not participating in the Beta program, projects with these attributes will give an out of sync message when using a Git integration.
Please see Snyk for npm for the latest details of the current support matrix.
Closed Beta
This feature is currently under Closed Beta.
For more information please see this article: Snyk Closed Beta Features