KiloClaw

Lockfile Discipline Guardian

End "delete node_modules and pray" workflows

Enforce lockfile consistency to reduce install drift, merge conflicts, and CI-only failures. Provides a simple policy plus CI checks and merge guidance.

Community · Submitted by Community · Work · 10 min

INGREDIENTS

🐙 GitHub

PROMPT

Create a skill called "Lockfile Discipline Guardian".

Given:
  • Repo and package manager choice
  • Current CI install commands

Output:
  • A lockfile policy (do/don't)
  • A CI check spec that enforces reproducibility
  • A lockfile merge conflict resolution guide

How It Works

Lockfiles are essential for reproducible installs, but sloppy workflows turn them into a source of friction (conflicts, constant churn). Deleting and regenerating a lockfile is worse than friction: it re-resolves every transitive dependency to whatever the registry serves today and discards the recorded versions and integrity hashes, so it is a supply-chain risk as much as a convenience problem. This recipe introduces a disciplined approach.

Triggers

  • People delete lockfiles to "fix installs"
  • Lockfile merge conflicts are frequent
  • CI and local resolve dependencies differently

Steps

  1. Pick a single package manager per repo and document it.
  2. Enforce "install from lockfile" in CI: a clean, frozen install that fails instead of silently rewriting the lockfile.
  3. Add a lockfile consistency check:
  • the lockfile is present,
  • the lockfile matches the manifest,
  • only one lockfile type exists.
  4. Add merge conflict guidance for lockfiles (how to regenerate correctly).
  5. Establish a dependency update cadence (batched updates reduce churn).
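The following script is an added example of what the CI check and the merge guidance from steps 2 to 4 look like in practice; it is not part of the recipe or of KiloClaw. It assumes a JavaScript repository using npm, Yarn (classic or Berry) or pnpm, and the function names, exit codes and the `.yarnrc.yml` heuristic for telling Yarn Berry from Yarn classic are this example's own choices.

```shell
#!/bin/sh
# lockfile-guard.sh: CI consistency check for JS lockfiles.
# Added example for the recipe above, not code from the recipe itself.
# Assumptions: npm, Yarn (classic or Berry) or pnpm; run from CI or a
# developer shell. Exit codes 2/3/4 are this example's own convention.
set -eu

# Echo the package manager implied by the lockfile(s) in DIR.
# Exit 2 if no lockfile exists, 3 if more than one kind is present.
detect_lockfile() {
  dl_dir=$1
  dl_found=""
  dl_count=0
  for dl_pair in package-lock.json:npm yarn.lock:yarn pnpm-lock.yaml:pnpm; do
    if [ -f "$dl_dir/${dl_pair%%:*}" ]; then
      dl_count=$((dl_count + 1))
      dl_found=${dl_pair##*:}
    fi
  done
  if [ "$dl_count" -eq 0 ]; then
    echo "no lockfile in $dl_dir: commit one and install from it" >&2
    return 2
  fi
  if [ "$dl_count" -gt 1 ]; then
    echo "$dl_count lockfile types in $dl_dir: keep exactly one" >&2
    return 3
  fi
  echo "$dl_found"
}

# Echo the lockfile a package manager owns.
lockfile_name() {
  case $1 in
    npm)  echo package-lock.json ;;
    yarn) echo yarn.lock ;;
    pnpm) echo pnpm-lock.yaml ;;
    *)    echo "unknown package manager: $1" >&2; return 1 ;;
  esac
}

# Echo the install command that refuses to modify the lockfile and fails
# when the manifest and lockfile disagree. Yarn Berry (config in .yarnrc.yml)
# uses --immutable; Yarn classic uses --frozen-lockfile.
frozen_install_cmd() {
  fic_dir=$1
  case $2 in
    npm)  echo "npm ci" ;;
    yarn)
      if [ -f "$fic_dir/.yarnrc.yml" ]; then
        echo "yarn install --immutable"
      else
        echo "yarn install --frozen-lockfile"
      fi ;;
    pnpm) echo "pnpm install --frozen-lockfile" ;;
    *)    echo "unknown package manager: $2" >&2; return 1 ;;
  esac
}

# Full CI check: exactly one lockfile, frozen install from it, and the
# lockfile's checksum is unchanged afterwards (belt and braces: a frozen
# install that rewrote the lockfile would hide drift). Exit 4 on drift.
enforce() {
  en_dir=${1:-.}
  en_mgr=$(detect_lockfile "$en_dir")
  en_lock=$(lockfile_name "$en_mgr")
  en_cmd=$(frozen_install_cmd "$en_dir" "$en_mgr")
  en_before=$(cksum < "$en_dir/$en_lock")
  echo "lockfile guard: $en_lock via '$en_cmd'"
  (cd "$en_dir" && sh -c "$en_cmd")
  en_after=$(cksum < "$en_dir/$en_lock")
  if [ "$en_before" != "$en_after" ]; then
    echo "$en_lock changed during install: regenerate it and commit" >&2
    return 4
  fi
}

# Merge-conflict guidance as a command: never hand-edit conflict markers.
# Resolve the manifest (package.json) first, take the base branch's lockfile,
# re-resolve with a normal install, then prove the result is frozen-clean.
resolve_conflict() {
  rc_dir=${1:-.}
  rc_base=${2:-origin/main}
  rc_mgr=$(detect_lockfile "$rc_dir")
  rc_lock=$(lockfile_name "$rc_mgr")
  git -C "$rc_dir" checkout "$rc_base" -- "$rc_lock"
  (cd "$rc_dir" && case $rc_mgr in
    npm)  npm install ;;
    yarn) yarn install ;;
    pnpm) pnpm install ;;
  esac)
  enforce "$rc_dir"
  echo "now: git add $rc_lock && git commit"
}

case ${1:-} in
  --enforce) enforce "${2:-.}" ;;
  --resolve) resolve_conflict "${2:-.}" "${3:-origin/main}" ;;
esac
```

In CI, replace the existing install step with `sh lockfile-guard.sh --enforce`; on a conflicted branch, run `sh lockfile-guard.sh --resolve . origin/main` after resolving package.json. The checksum comparison is deliberately independent of git state so the same `enforce` works mid-merge.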

Expected Outcome

  • More reproducible builds and fewer "works on my machine" incidents.
  • Less time wasted in dependency resolution chaos.

Example Inputs

  • "We have both yarn.lock and package-lock.json."
  • "Lockfile conflicts happen in every PR."
  • "CI resolves a different dependency tree than local."

Tips

  • Prefer batched updates to constant trickle churn.
  • Treat lockfile diffs as reviewable code: a new package, a changed resolved URL or a changed integrity hash in a PR deserves the same scrutiny as a source change.
Tags: #dependency-management #merge-conflicts #ci-cd #environment-setup