diff --git a/npm-install/action.yml b/npm-install/action.yml
index ab416b7..4ceeef3 100644
--- a/npm-install/action.yml
+++ b/npm-install/action.yml
@@ -52,8 +52,8 @@ outputs:
 runs:
   using: 'composite'
   steps:
-    - name: 生成缓存key
-      id: cache-key
+    - name: 确定锁文件
+      id: lockfile
       shell: bash
       run: |
         LOCKFILE="${{ inputs.lockfile-name }}"
@@ -73,10 +73,25 @@ runs:
           fi
         fi
         
-        CACHE_KEY="${{ runner.os }}-${{ inputs.cache-prefix }}-$(echo '${{ hashFiles('${LOCKFILE}') }}' | head -c 12)"
-        echo "key=${CACHE_KEY}" >> $GITHUB_OUTPUT
         echo "lockfile=${LOCKFILE}" >> $GITHUB_OUTPUT
         echo "使用锁文件: ${LOCKFILE}"
+
+    - name: 生成缓存key
+      id: cache-key
+      shell: bash
+      run: |
+        # 根据检测到的锁文件生成hash
+        LOCKFILE="${{ steps.lockfile.outputs.lockfile }}"
+        if [[ -f "${LOCKFILE}" ]]; then
+          # 使用sha256计算文件hash并取前12位
+          HASH=$(sha256sum "${LOCKFILE}" | cut -d' ' -f1 | head -c 12)
+        else
+          echo "⚠️ 警告: 锁文件 ${LOCKFILE} 不存在，使用时间戳作为fallback"
+          HASH=$(date +%s | tail -c 8)
+        fi
+        
+        CACHE_KEY="${{ runner.os }}-${{ inputs.cache-prefix }}-${HASH}"
+        echo "key=${CACHE_KEY}" >> $GITHUB_OUTPUT
         echo "缓存key: ${CACHE_KEY}"
 
     - name: 拉取缓存依赖