Node package installation — ERESOLVE / npm ci lockfile mismatch
Log signatures
- npm ci can only install packages when your package.json and package-lock.json
- ERESOLVE unable to resolve dependency tree
- Conflicting peer dependency
- 404 Not Found - GET https://registry.npmjs.org
- ERR_PNPM_NO_MATCHING_VERSION
What’s happening
Three dominant variants:
- Lockfile drift ("npm ci can only install packages when your package.json and package-lock.json..."): someone edited package.json without regenerating the lockfile, or merged two branches that each touched it.
- Peer dependency conflict (ERESOLVE, Conflicting peer dependency): two packages demand incompatible versions of a shared peer (React being the classic), and npm ≥7 made this a hard error.
- Registry 404 ("404 Not Found - GET https://registry.npmjs.org/...", "is not in this registry"): a private package being fetched from the public registry (missing .npmrc scope config in CI), an unpublished version, or a dependency-confusion-prone name.
Fix playbook
1. Lockfile drift: regenerate locally with the same package manager and major version as CI (npm install, commit the lockfile). Mixed npm/pnpm/yarn lockfiles in one repo guarantee this failure — pick one.
2. ERESOLVE: read which two packages disagree. Upgrade the lagging one if an update exists. --legacy-peer-deps is a tourniquet: acceptable to unblock, never a permanent setting in CI.
3. Registry 404 on a scoped private package: the CI job is missing the .npmrc registry mapping or the auth token for your private registry. Fix config, not package.json.
4. Reproduce with the exact CI command — npm ci, not npm install. They behave differently by design.
5. Change the minimum: one constraint, re-lock, rerun.
Prevention
- Enforce one package manager via packageManager in package.json + corepack, and always install with the frozen/ci variant in CI (npm ci, pnpm install --frozen-lockfile). Lockfile drift then fails the PR that caused it, not a random later one.
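A pre-merge check for the lockfile drift and wrong-registry variants above, written as an added example (not part of the original page or of npm itself). It assumes the lockfileVersion 2/3 layout with a top-level "packages" map; the "@acme" scope, the npm.acme.example registry and all sample data are hypothetical.

```javascript
const DEP_FIELDS = ["dependencies", "devDependencies"];
// Lockfile drift: ranges in package.json must equal those recorded for the root project
// (packages[""]). String comparison is a simplification, not npm's own logic.
function findLockfileDrift(pkg, lock) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const problems = [];
  for (const field of DEP_FIELDS) {
    const declared = pkg[field] || {};
    const locked = root[field] || {};
    for (const [name, range] of Object.entries(declared)) {
      if (!(name in locked)) problems.push(`${name}: in package.json, missing from lockfile`);
      else if (locked[name] !== range) problems.push(`${name}: package.json ${range}, lockfile ${locked[name]}`);
      else if (!packages[`node_modules/${name}`]) problems.push(`${name}: no locked entry`);
    }
    for (const name of Object.keys(locked)) {
      if (!(name in declared)) problems.push(`${name}: in lockfile, missing from package.json`);
    }
  }
  return problems;
}

// Registry check: a package in a private scope must resolve from that scope's
// registry. Keep the trailing "/" on the URL so a look-alike host cannot match.
function findWrongRegistry(lock, scopeRegistries) {
  const problems = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !entry.resolved) continue; // root project or entry without a URL
    const name = path.slice(idx + "node_modules/".length);
    const expected = name.startsWith("@") && scopeRegistries[name.split("/")[0]];
    if (expected && !entry.resolved.startsWith(expected)) {
      problems.push(`${name}: resolved from ${entry.resolved}`);
    }
  }
  return problems;
}
// Constructed sample data; "@acme" and npm.acme.example are hypothetical.
const samplePkg = { dependencies: { react: "^18.2.0", "@acme/ui": "^2.0.0" } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { react: "^17.0.2", "@acme/ui": "^2.0.0" } },
    "node_modules/react": { version: "17.0.2", resolved: "https://registry.npmjs.org/react/-/react-17.0.2.tgz" },
    "node_modules/@acme/ui": { version: "2.1.0", resolved: "https://registry.npmjs.org/@acme/ui/-/ui-2.1.0.tgz" },
  },
};
const PRIVATE_SCOPES = { "@acme": "https://npm.acme.example/" };
console.log(findLockfileDrift(samplePkg, sampleLock), findWrongRegistry(sampleLock, PRIVATE_SCOPES));
```

On the sample data it reports the react range mismatch and the @acme/ui entry whose resolved URL points at the public registry, which a reviewer would otherwise only see as a changed URL in the lockfile diff.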
This page is one chapter of CI Failure Triage Patterns — 31 failure classes, real log signatures, and full fix playbooks in one PDF.