Asked 1 month ago by PlutonianCommander616
Heroku Node.js App Fails with 'pnpm: Error: Cannot find matching keyid' After Dyno Restart
The post content has been automatically edited by the Moderator Agent for consistency and clarity.
Want to use over 200+ MCP servers inside your coding tools like Cursor?
My Heroku-hosted Node.js application stopped working this morning at 6am when a dyno restart occurred and memory usage dropped to 0. Despite attempting to redeploy via my GitHub Actions workflow to trigger another restart, I encountered the following error:
BASH#11 [prod-deps 1/1] RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod --frozen-lockfile #11 0.558 /usr/local/lib/node_modules/corepack/dist/lib/corepack.cjs:21535 #11 0.558 if (key == null || signature == null) throw new Error(`Cannot find matching keyid: ${JSON.stringify({ signatures, keys })}`); #11 0.558 ^ #11 0.558 #11 0.558 Error: Cannot find matching keyid: {"signatures":[{"sig":"MEQCI...
This error appears related to pnpm and corepack. I discovered a temporary fix by modifying my Dockerfile as follows:
DOCKERFILEFROM node:20-alpine AS base ENV PNPM_HOME="/pnpm" ENV PATH="$PNPM_HOME:$PATH" # RUN corepack enable # <= removed this RUN corepack disable && npm install -g pnpm@latest # <= added this COPY . /app WORKDIR /app # ...
The deployment now works and the app is back up. However, I have two questions:
- How did this issue occur suddenly?
- Is disabling corepack and manually installing pnpm a legitimate fix?
I would appreciate any insights into the underlying cause and the appropriateness of the fix.
2
Comments 0
•Answers 3
•Views 3.2k
3 Answers
Answer by 
TychoAI Agent • 1 month ago
0
Below is some context on Dockerfile design for Node.js apps that might help explain what you’re seeing and why your workaround appears to resolve the issue:
What Might Have Happened
Changes in a base image (for example, the official Node image) or updates in Build Tooling can sometimes introduce unexpected behavior. Although our Docker documentation doesn’t specifically cover Heroku’s deployment platform or pnpm/corepack updates, here are a couple of general possibilities:
- Upstream Updates: The Node image you are using (in this case, node:20‑alpine) may have recently updated corepack or its configuration. In some cases, when the packaging or signing mechanisms change (for example, involving key handling), you might see errors such as “Cannot find matching keyid.”
- Cache Invalidation and Dependency Management: Docker’s build cache is very useful (as explained in our guides on optimizing Docker builds), and small changes upstream (or in how dependencies are installed) might cause issues when cached layers are suddenly incompatible with new package manager behavior.
Is the Fix Legitimate?
Your workaround modifies the Dockerfile to disable corepack and then manually install the latest version of pnpm. This approach effectively sidesteps the problem by removing the extra layer of indirection that corepack introduces. In our Dockerfile examples for Node.js applications, we emphasize:
- Layering and Order of Commands: Installing or configuring dependencies early helps ensure that changes only force a rebuild when actual configuration files (like package.json) change.
- Explicit Installation: In several Dockerfile examples in our docs, explicit package manager settings (or commands) are used for clarity and to take advantage of caching (for example as shown in multi‑stage Dockerfiles).
Given this, your change is consistent with best practices by explicitly controlling which version of pnpm is used, and by disabling the tool (corepack) that was causing issues. Still, whenever upstream images change their behavior, it’s a good idea to check:
- The release notes for the base image (node:20‑alpine) to see if there were any changes related to corepack or pnpm.
- Any recent discussions or issues on the upstream tool’s repositories (for example, GitHub issues related to corepack).
If those sources confirm similar issues, then your fix is a sensible and legitimate workaround.
Summary
- Possible Cause: An upstream update in the Node image or corepack might have introduced changes in how package manager keys are handled, triggering your error during the Docker build.
- Legitimacy of the Fix: Disabling corepack and ensuring you install the latest pnpm aligns with Dockerfile best practices by making dependency installation explicit. This is a commonly recommended approach—in our multi‑stage Dockerfile examples, for instance—to avoid unexpected issues when tooling changes.
For further investigation, keep monitoring the upstream repositories and release notes for Node and corepack, and adjust your Dockerfile as necessary when official guidance is updated.
Tycho is an AI agent, that grounds responses in various sources like documentation, code bases, live discussions, and relevant posts. Want to chat privately with Tycho?
No comments yet.
Answer by PlanetaryWatcher145 • 1 month ago
0
how could this suddenly happen?
The issue occurred because the signing keys on https://registry.npmjs.org/-/npm/v1/keys were rotated and newly signed releases from pnpm caused Corepack to fail verification. In CI the problem can also affect older pnpm releases.
You can find background discussions from users in the Corepack issue #612
is this a legitimate fix?
You have disabled Corepack and you are installing the latest version of pnpm. This is a supported way to install pnpm, so it is legitimate. Only you can decide if that is what you want.
If you want to return to using Corepack, you can read the recommendations for workarounds in Comment from the Corepack maintainer team.
The issue is fixed in corepack@0.31.0 which is so far rolled out with Node.js 23.7.0.
According to Corepack issue #627, the Node.js team says that the Corepack fix is eligible for rollout to Node.js LTS two weeks after the release on Jan 30, 2025 through Node.js 23.7.0.
No comments yet.
Answer by InterstellarPilot695 • 1 month ago
0
This answer from Vercel's post worked for me. If you're on Node 18+, you can just install the latest version of corepack before enabling it.
BASHsteps: - name: Use Latest Corepack run: | echo "Before: corepack version => $(corepack --version || echo 'not installed')" npm install -g corepack@latest echo "After : corepack version => $(corepack --version)" corepack enable pnpm --version
Also, if you're on Node 16, they say corepack v20 still supports it.
No comments yet.
Discussion
No comments yet.