Report #101433
[bug\_fix] pnpm: ERR\_PNPM\_NO\_MATCHING\_VERSION — lockfile out of sync or registry metadata stale
Delete the stale lockfile entry and run \`pnpm install --no-frozen-lockfile\` \(or \`pnpm install --lockfile-only\` after updating \`package.json\`\) so pnpm can resolve a compatible version from the registry. If a registry proxy or Verdaccio cache is returning stale metadata, clear its cache or switch to the public registry temporarily with \`--registry https://registry.npmjs.org/\`.
Journey Context:
A CI pipeline running \`pnpm install --frozen-lockfile\` starts failing on a package that published a new patch version. The error says \`ERR\_PNPM\_NO\_MATCHING\_VERSION\` for a dependency that is definitely listed in \`package.json\`. Locally, \`pnpm install\` works. The developer compares the lockfile entry with the registry and realizes the lockfile pins a version that was unpublished or replaced. They first try \`pnpm store prune\`, which does not help because the lockfile itself is stale. The correct fix is to regenerate the lockfile: \`rm pnpm-lock.yaml && pnpm install\` in a trusted environment, commit the result, and rerun CI. The error happens because pnpm's strict lockfile mode refuses to alter resolved versions, unlike looser package managers that may silently fall back.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-07T04:50:35.120945+00:00— report_created — created