Just sharing something I ran into the other day in case it helps others.
My CI is using pnpm v10.25, while I was developing locally with pnpm v9. Even though package.json didn’t change, the generated pnpm-lock.yaml checksum was different, which caused CI to fail.
After switching my local pnpm to v10.24, the lockfile matched again and CI passed without any other changes.
So yeah, pnpm major version differences (v9 vs v10) can definitely lead to different lockfile checksums. Minor differences within the same major version (like v10.24 vs v10.25) seem to be fine.
Make sure local pnpm and CI pnpm are on the same major version, or pin it explicitly in package.json using packageManager to avoid surprises.
{
"packageManager": "[email protected]"
}
Hope this saves someone some time.
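
A check like this can run as a first CI step to catch the mismatch before the lockfile comparison does. It is an added example, not part of the original post: the function names `parsePackageManager` and `checkPnpmPin` are hypothetical, and the full version strings are constructed for illustration. It goes slightly beyond the post by also accepting the optional `+sha512.<hash>` suffix that a `packageManager` value may carry.

```javascript
// Added example: verify that the running pnpm matches the packageManager pin.
// Inputs are plain strings so the check runs offline; in CI they would come
// from package.json and from the output of `pnpm --version`.

// Parse a value such as "pnpm@10.24.0" or "pnpm@10.24.0+sha512.<hash>".
function parsePackageManager(value) {
  if (typeof value !== "string") return null;
  const m = /^([a-z][a-z0-9-]*)@(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.-]+)?(?:\+(.+))?$/
    .exec(value.trim());
  if (!m) return null;
  return { name: m[1], major: Number(m[2]), minor: Number(m[3]),
           patch: Number(m[4]), hash: m[5] || null };
}

// Compare the pinned major version with the installed one.
function checkPnpmPin(packageJsonText, installedVersion) {
  let pkg;
  try { pkg = JSON.parse(packageJsonText); }
  catch { return { ok: false, reason: "package.json is not valid JSON" }; }

  const pin = parsePackageManager(pkg.packageManager);
  if (!pin) return { ok: false, reason: "packageManager is missing or not in name@x.y.z form" };
  if (pin.name !== "pnpm") return { ok: false, reason: `packageManager pins ${pin.name}, not pnpm` };

  const installed = /^(\d+)\.(\d+)\.(\d+)/.exec(String(installedVersion).trim());
  if (!installed) return { ok: false, reason: `cannot parse installed version "${installedVersion}"` };

  const major = Number(installed[1]);
  if (major !== pin.major) {
    return { ok: false, reason: `installed pnpm major ${major} differs from pinned major ${pin.major}` };
  }
  return { ok: true, reason: `pnpm major ${major} matches the pin` };
}

// Constructed sample input (version numbers are illustrative).
const samplePackageJson = JSON.stringify({ name: "demo", packageManager: "pnpm@10.24.0" });
for (const v of ["10.25.0", "9.15.0"]) {
  const r = checkPnpmPin(samplePackageJson, v);
  console.log(`${v}: ${r.ok ? "OK" : "FAIL"} - ${r.reason}`);
}
```

In a pipeline, exit non-zero when `ok` is false so the job stops before `pnpm install` runs.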