What determines the resolution hash value? Seeing differences on CI vs locally for local package

[ercgrat]

Created a package within a package to create a custom eslint plugin. Added it like so: yarn add --dev ./eslint. The resulting yarn.lock entry contains a checksum. When yarn is run on CI and on GitHub actions, there is no checksum and the hash value in resolution is also different. What's accounting for this and can I control it? I realize creating a true repo and publishing this eslint package would be a workaround, but seems silly for a one-liner.

The actual error I see is:
YN0028: │ The lockfile would have been modified by this install, which is explicitly forbidden.

These are the only two resources I have found that seem relevant:
yarnpkg/yarn#1916
https://stackoverflow.com/questions/49501749/is-it-possible-to-ignore-the-dependency-hash-validation-of-just-one-module-or-r