Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

npm WARN tar TAR_ENTRY_INVALID checksum failure

See original GitHub issue

Your Environment

verdaccio version: 5.2.0
node version: v16.13.0
package manager: npm@8.1.0
os: linux
platform: npm

Describe the bug I’m on some of my machines getting this error when trying to run npm install:

npm WARN tar TAR_ENTRY_INVALID checksum failure
npm WARN tar zlib: incorrect data check
npm WARN tarball tarball data for tailwindcss@http://npm.domain.com/tailwindcss/-/tailwindcss-1.9.6.tgz (sha512-nY8WYM/RLPqGsPEGEV2z63riyQPcHYZUJpAwdyBzVpxQHOHqHE+F/fvbCeXhdF1+TA5l72vSkZrtYCB9hRcwkQ==) seems to be corrupted. Trying again.
npm ERR! code EINTEGRITY
npm ERR! sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g== integrity checksum failed when using sha512: wanted sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g== but got sha512-7QC8r6XeNPgLqCwP+50iNnopVLbg6u2VQt9nRbSr9GtQbvxvspBfWchTeNlRB33Q/2bWRbqDKQXTNCrcj3SBJQ==. (199644 bytes)

I’m running it through an reverse proxy, using the exact example from the docs. I’ve tried setting diffent numbers to the server timeout, like 0 or something super high. No dice.

To Reproduce

Install latest Verdaccio. Use httpd reverse proxy clone a vue project, and run npm install

Expected behavior

Expected NPM to just install all the dependencies without issues.

Configuration File (cat ~/.config/verdaccio/config.yaml)

My config.yaml

#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#

http_proxy: http://npm.domain.com:4873/
#max_body_size: 100mb


# path to a directory with all packages
storage: /home/verdaccio/.local/share/verdaccio/storage
# path to a directory with plugins to include
plugins: ./plugins

web:
  enable: true
  title: NPM Repo 
  # comment out to disable gravatar support
  # gravatar: false
  # by default packages are ordercer ascendant (asc|desc)
  # sort_packages: asc
  # convert your UI to the dark side
  darkMode: true
  # logo: http://somedomain/somelogo.png
  # favicon: http://somedomain/favicon.ico | /path/favicon.ico

# translate your registry, api i18n not available yet
# i18n:
# list of the available translations https://github.com/verdaccio/ui/tree/master/i18n/translations
#   web: en-US

auth:
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    # max_users: 1000

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  '@*/*':
    # scoped packages
    access: $authenticated
    publish: $authenticated
    unpublish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $authenticated

    # allow all known users to publish/publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated
    unpublish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs
# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
server:
  keepAliveTimeout: 500

middlewares:
  audit:
    enabled: true

# log settings
logs: { type: stdout, format: pretty, level: http }

#experiments:
#  # support for npm token command
#  token: false
#  # disable writing body size to logs, read more on ticket 1912
#  bytesin_off: false
#  # enable tarball URL redirect for hosting tarball with a different server, the tarball_url_redirect can be a template string
#  tarball_url_redirect: 'https://mycdn.com/verdaccio/${packageName}/${filename}'
#  # the tarball_url_redirect can be a function, takes packageName and filename and returns the url, when working with a js configuration file
#  tarball_url_redirect(packageName, filename) {
#    const signedUrl = // generate a signed url
#    return signedUrl;
#  }

# This affect the web and api (not developed yet)
#i18n:
#web: en-US

Environment information

Environment Info: System: OS: Linux 3.10 CentOS Linux 7 (Core) CPU: (12) x64 AMD Ryzen 5 3600 6-Core Processor Binaries: npm: 6.14.6 - /bin/npm Virtualization: Docker: 1.13.1 - /bin/docker NOTE: I’m not running it inside docker

Contribute to Verdaccio

I’m willing to fix this bug 🥇

Issue Analytics

State:
Created 2 years ago
Comments:9 (8 by maintainers)

Top GitHub Comments

2reactions

dasmikkocommented, Nov 11, 2021

Oh snap, I think i solved it!

I had a suspicion, that maybe the gzip compression in httpd could mess up the request, to I disabled it on my virtual host, with this line:

SetEnv no-gzip 1

so my virtual host look like this now:

<VirtualHost *:80>
        ServerName npm.domain.com
        SetEnv no-gzip 1
        ProxyPreserveHost On
        AllowEncodedSlashes NoDecode
        ProxyPass / http://127.0.0.1:4873/ nocanon
        ProxyPassReverse / http://127.0.0.1:4873/
</VirtualHost>

Now it works without issues on my machines, that had issues before.

1reaction

dasmikkocommented, Nov 11, 2021

Pull request has been made 🎊