Get help on Discord

Netlify deploy fails: npm cipm requires package-lock.json despite yarn.lock

12 replies
Last updated: Jan 28, 2026
Having a strange deploy issue on a new project.
I'm using yarn instead of npm, so I deleted any of the package-lock files already. I get this error when deploying after most of the process goes smoothly:


348 PM: npm ERR! cipm can only install packages with an existing package-lock.json or npm-shrinkwrap.json with lockfileVersion >= 1. Run an install with npm@5 or later to generate it, then try again.
I do have yarn.lock files that have a version of 1 at the top of them, so I can't figure out why this isn't sufficient.

Any thoughts of things to try?
AI Update

This is a classic mismatch between your local package manager (yarn) and what the deployment environment is trying to use (npm). The error message about cipm (a now-deprecated npm command) indicates that your deployment platform is trying to use npm to install packages, but it's looking for package-lock.json which doesn't exist because you're using yarn.

Here are some things to try:

1. Check your deployment platform's settings

If you're deploying to Netlify, Vercel, or another hosting platform (not using sanity deploy), you need to tell it to use yarn instead of npm. Look for:

  • A build settings section where you can specify the package manager
  • Environment variables like NPM_USE_YARN=true or similar
  • Build command configuration - make sure it's using yarn commands, not npm

2. Add a .npmrc or configuration file

Some platforms detect the package manager automatically if you add a .yarnrc file or specify it in your project configuration. Check your platform's documentation for how to specify yarn as the package manager.

3. If using sanity deploy directly

The sanity deploy command should handle this automatically, but if you're seeing this error, try:

  • Making sure your package.json scripts use yarn: "deploy": "sanity deploy"
  • Running yarn install locally first to ensure your yarn.lock is up to date
  • Checking if there are any cached node_modules or lock files that need clearing

4. Switch to npm (if needed)

If the deployment platform doesn't support yarn well, you could:

  • Delete yarn.lock
  • Run npm install to generate a package-lock.json
  • Commit the package-lock.json file
  • Use npm commands going forward

5. Check for hidden lock files

Sometimes package-lock.json files hide in subdirectories. Run:

find . -name "package-lock.json" -type f

And delete any you find if you want to stick with yarn.

The key issue is that your deployment environment is configured to use npm but your project is set up for yarn. You need to either configure the deployment to use yarn, or switch your project to npm. If you let me know which platform you're deploying to, I can give more specific guidance!

Show original thread
12 replies

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?