diff --git a/src/main/java/com/redhat/exhort/Provider.java b/src/main/java/com/redhat/exhort/Provider.java
index aee3a1a5..acd1e810 100644
--- a/src/main/java/com/redhat/exhort/Provider.java
+++ b/src/main/java/com/redhat/exhort/Provider.java
@@ -70,7 +70,12 @@ protected Provider(Ecosystem.Type ecosystem, Path manifest) {
    */
   public abstract Content provideComponent() throws IOException;
 
-  public boolean validateLockFile(Path lockFile) {
-    return true;
+  /**
+   * If a package manager requires having a lock file it must exist in the provided path
+   *
+   * @param lockFileDir Path to the directory where the lock file must exist
+   */
+  public void validateLockFile(Path lockFileDir) {
+    // Default implementation. Do not require a lock file.
   }
 }
diff --git a/src/main/java/com/redhat/exhort/providers/JavaScriptNpmProvider.java b/src/main/java/com/redhat/exhort/providers/JavaScriptNpmProvider.java
index 4f06102f..6564af63 100644
--- a/src/main/java/com/redhat/exhort/providers/JavaScriptNpmProvider.java
+++ b/src/main/java/com/redhat/exhort/providers/JavaScriptNpmProvider.java
@@ -232,4 +232,12 @@ Map<String, String> getNpmExecEnv() {
     }
     return null;
   }
+
+  @Override
+  public void validateLockFile(Path lockFileDir) {
+    if (!Files.isRegularFile(lockFileDir.resolve("package-lock.json"))) {
+      throw new IllegalStateException(
+          "Lock file does not exist or is not supported. Execute 'npm install' to generate it.");
+    }
+  }
 }
diff --git a/src/main/java/com/redhat/exhort/tools/Ecosystem.java b/src/main/java/com/redhat/exhort/tools/Ecosystem.java
index 6c5808ff..c50bd0a6 100644
--- a/src/main/java/com/redhat/exhort/tools/Ecosystem.java
+++ b/src/main/java/com/redhat/exhort/tools/Ecosystem.java
@@ -56,10 +56,7 @@ private Ecosystem() {
    */
   public static Provider getProvider(final Path manifestPath) {
     var provider = resolveProvider(manifestPath);
-    if (!provider.validateLockFile(manifestPath)) {
-      throw new IllegalStateException(
-          "Missing lock file for manifest file: " + manifestPath.toString());
-    }
+    provider.validateLockFile(manifestPath.getParent());
     return provider;
   }
 
diff --git a/src/test/java/com/redhat/exhort/providers/Golang_Modules_Provider_Test.java b/src/test/java/com/redhat/exhort/providers/Golang_Modules_Provider_Test.java
index 92fbacf6..95fc21e1 100644
--- a/src/test/java/com/redhat/exhort/providers/Golang_Modules_Provider_Test.java
+++ b/src/test/java/com/redhat/exhort/providers/Golang_Modules_Provider_Test.java
@@ -149,7 +149,8 @@ void Test_Golang_Modules_with_Match_Manifest_Version(boolean MatchManifestVersio
       String actualSbomWithTSStripped = dropIgnoredKeepFormat(sbomString);
 
       assertEquals(
-          getStringFromFile("msc/golang/expected_sbom_ca.json").trim(), actualSbomWithTSStripped);
+          dropIgnored(getStringFromFile("msc/golang/expected_sbom_ca.json")).trim(),
+          dropIgnored(actualSbomWithTSStripped));
     }
   }
 
@@ -163,7 +164,7 @@ void Test_Golang_MvS_Logic_Enabled() throws IOException {
             goModulesProvider.getDependenciesSbom(Path.of(goModPath), true).getAsJsonString());
     String expectedSbom =
         getStringFromFile("msc/golang/mvs_logic/expected_sbom_stack_analysis.json").trim();
-    assertEquals(expectedSbom, resultSbom);
+    assertEquals(dropIgnored(expectedSbom), dropIgnored(resultSbom));
 
     // check that only one version of package golang/go.opencensus.io is in sbom for
     // EXHORT_GO_MVS_LOGIC_ENABLED=true
@@ -188,10 +189,13 @@ void Test_Golang_MvS_Logic_Enabled() throws IOException {
   }
 
   private String dropIgnored(String s) {
-    return s.replaceAll("\\s+", "").replaceAll("\"timestamp\":\"[a-zA-Z0-9\\-\\:]+\",", "");
+    return s.replaceAll("goarch=\\w+&goos=\\w+&", "")
+        .replaceAll("\\s+", "")
+        .replaceAll("\"timestamp\":\"[a-zA-Z0-9\\-\\:]+\",", "");
   }
 
   private String dropIgnoredKeepFormat(String s) {
-    return s.replaceAll("\"timestamp\" : \"[a-zA-Z0-9\\-\\:]+\",\n    ", "");
+    return s.replaceAll("goarch=\\w+&goos=\\w+&", "")
+        .replaceAll("\"timestamp\" : \"[a-zA-Z0-9\\-\\:]+\",\n    ", "");
   }
 }
diff --git a/src/test/java/com/redhat/exhort/tools/Ecosystem_Test.java b/src/test/java/com/redhat/exhort/tools/Ecosystem_Test.java
index 05be587e..23e16991 100644
--- a/src/test/java/com/redhat/exhort/tools/Ecosystem_Test.java
+++ b/src/test/java/com/redhat/exhort/tools/Ecosystem_Test.java
@@ -17,6 +17,7 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import com.redhat.exhort.providers.JavaMavenProvider;
 import java.nio.file.Path;
@@ -36,4 +37,10 @@ void get_a_provider_for_a_pom_xml_file_should_return_java_maven_manifest() {
     var manifestPath = Path.of("/supported/manifest/pom.xml");
     assertThat(Ecosystem.getProvider(manifestPath)).isInstanceOf(JavaMavenProvider.class);
   }
+
+  @Test
+  void get_a_provider_with_missing_lock_file() {
+    var manifestPath = Path.of("src/test/resources/tst_manifests/npm/empty/package.json");
+    assertThrows(IllegalStateException.class, () -> Ecosystem.getProvider(manifestPath));
+  }
 }