Catch lockfile drift before CI does.
Upload a repository ZIP and Lockfile Doctor checks package.json, lockfiles, Dockerfiles, and GitHub Actions workflows for the mismatch that makes clean builds explode.
Suggested patch
Inspects real files
Reads package.json, lockfiles, workflow YAML, and Dockerfiles. No vague AI guessing.
Red/yellow/green deploy score
Prioritizes issues that break clean installs: wrong manager, missing lockfile, Node version drift, missing Corepack.
Copy-paste fixes
Returns exact files, line numbers where possible, and patches you can drop into a PR.
What it catches
- โ pnpm lockfile but GitHub Actions still runs npm ci
- โ Dockerfile install layer missing the matching lockfile
- โ packageManager not pinned for Corepack
- โ Node 22 locally, Node 20 in CI, Node 18 in Docker
- โ multiple stale lockfiles in one deploy target
Why now?
CI installs are getting stricter: frozen lockfiles, Corepack, pnpm version rules, and supply-chain hardening are good things. They also turn sloppy package-manager drift into Friday-night deploy failures.
Frequently Asked Questions
Is this an AI wrapper?
No. The scanner uses deterministic parsing and rules against the files you upload.
Do you store my source code?
No. ZIPs are processed in memory for the request and not persisted.
Which stacks does it support?
JavaScript and TypeScript repos using npm, pnpm, yarn, or Bun, plus GitHub Actions and Dockerfiles.
Will it detect every dependency issue?
No scanner can. This targets the highest-leverage deploy drift failures before you waste a CI run.