When npm ci complains about inconsistent package-lock.json/package.json it usually means that someone just changed package.json manually and did not invoked
npm i afterwards, and then pushed to remote.
So when that happens I usually do
npm i myself and then push correct package-lock to repo.
The problem is, when I figure this out It is already too late.
npm ci is removing node_modules before anything else. So
npm i does everything from zero. Which is slow. Which is annoying.