integrity checksum failed when using sha512 on "$ npm install"

Describe the bug

When the user tries to install the packages using “$ npm install” in the project that contains one package from verdaccio registry, NPM throws the error: npm ERR! code EINTEGRITY. integrity checksum failed when using sha512

To Reproduce

• $ npm init -y
• $ npm install react --save
• $ npm install <anypackage> --registry http://localhost:4873
• $ rm -rf node_modules
• $ npm cache clean --force
• $ npm install You should now get the error. Also, running npm cache verify does not help in this case.

Expected behavior

Verdaccio should respond with the correct checksum. It looks like verdaccio responds with different checksum hash after the user clears cache - this causes the installation to break as the old checksum was stored in the package-lock.json file. Is there any way to ensure that verdaccio does not respond with new checksum hash?

Screenshots

Configuration File (cat ~/.config/verdaccio/config.yaml)

#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#

# path to a directory with all packages
storage: ./storage
# path to a directory with plugins to include
plugins: ./plugins

web:
  title: Verdaccio
  # comment out to disable gravatar support
  # gravatar: false
  # by default packages are ordercer ascendant (asc|desc)
  # sort_packages: asc

auth:
  customauth:
    file: ./htp
  # htpasswd:
    # file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    # max_users: 1000

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    unpublish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish/publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated
    unpublish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry        
    proxy: npmjs

# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.        
server:
  keepAliveTimeout: 60

middlewares:
  audit:
    enabled: true

# log settings
logs:
  - { type: stdout, format: pretty, level: http }
  #- {type: file, path: verdaccio.log, level: info}
#experiments:
#  # support for npm token command
#  token: false

# This affect the web and api (not developed yet)
#i18n:
#web: en-US

Environment information

N/A