integrity checksum failed when using sha512 on "$ npm install"
See original GitHub issueDescribe the bug
When the user tries to install the packages using “$ npm install” in the project that contains one package from verdaccio registry, NPM throws the error: npm ERR! code EINTEGRITY. integrity checksum failed when using sha512
To Reproduce
- $ npm init -y
- $ npm install react --save
- $ npm install <anypackage> --registry http://localhost:4873
- $ rm -rf node_modules
- $ npm cache clean --force
- $ npm install
You should now get the error. Also, running
npm cache verify
does not help in this case.
Expected behavior
Verdaccio should respond with the correct checksum. It looks like verdaccio responds with different checksum hash after the user clears cache - this causes the installation to break as the old checksum was stored in the package-lock.json
file. Is there any way to ensure that verdaccio does not respond with new checksum hash?
Screenshots
Configuration File (cat ~/.config/verdaccio/config.yaml)
#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#
# path to a directory with all packages
storage: ./storage
# path to a directory with plugins to include
plugins: ./plugins
web:
title: Verdaccio
# comment out to disable gravatar support
# gravatar: false
# by default packages are ordercer ascendant (asc|desc)
# sort_packages: asc
auth:
customauth:
file: ./htp
# htpasswd:
# file: ./htpasswd
# Maximum amount of users allowed to register, defaults to "+inf".
# You can set this to -1 to disable registration.
# max_users: 1000
# a list of other known repositories we can talk to
uplinks:
npmjs:
url: https://registry.npmjs.org/
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
unpublish: $authenticated
proxy: npmjs
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $all
# allow all known users to publish/publish packages
# (anyone can register by default, remember?)
publish: $authenticated
unpublish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: npmjs
# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
server:
keepAliveTimeout: 60
middlewares:
audit:
enabled: true
# log settings
logs:
- { type: stdout, format: pretty, level: http }
#- {type: file, path: verdaccio.log, level: info}
#experiments:
# # support for npm token command
# token: false
# This affect the web and api (not developed yet)
#i18n:
#web: en-US
Environment information
N/A
Issue Analytics
- State:
- Created 3 years ago
- Comments:6 (3 by maintainers)
Top Results From Across the Web
ARTIFACTORY: NPM-integrity checksum failed when using ...
Possible workarounds to fix this issue: · Remove the node_modules and _cache folder from the .npm location along with the package.json file. ·...
Read more >node.js - When I run `npm install`, it returns with `ERR! code ...
json file, and ran npm cache clean --force , but it didn't work. My npm version is 5.3.0. The error: npm ERR! code...
Read more >[SOLVED] Fix npm ERR! code EINTEGRITY, integrity ...
Error meaning: ... Possible reasons: ... NOTE: In the past, for checksum generation, NPM used SHA1 method. The sha512 method is newer and...
Read more >[BUG] npm-install: Integrity checksum failed using sha 512 ...
I've tried doing many things seen on other threads: deleting package-lock.json + node_modules folder then running a clean npm install. npm cache ...
Read more >How to fix npm err code EINTEGRITY issue - Nathan Sebhastian
The EINTEGRITY error as seen above happens when there is a mismatch of the checksum value between the .tgz file and the lock...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Nope. I tried creating a POC and contacting NPM - it turns out that the issue was with the npm cli. Please mark this issue as resolved/closed as it is not a bug from Verdaccio
Thanks
I’d advise, try also with other packages managers,
pnpm
oryarn classic
which are pretty standard. That’s also helps as guide to double check where is the issue.