
EINTEGRITY: npm 5.0 integrity check and modernizr.com dependency

I've encountered this error when installing deps of my package:

$ npm i
npm ERR! code EINTEGRITY
npm ERR! sha1-tU7jWojzuU8MIY2VLAx+BwluNo0= integrity checksum failed when using sha1: wanted sha1-tU7jWojzuU8MIY2VLAx+BwluNo0= but got sha1-oXYP0kzpbhku0KU+phy353lbBhQ=. (26624 bytes)

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/tlenex/.npm/_logs/2017-06-22T10_18_19_773Z-debug.log

The problem is with my Modernizr dependency:

"dependencies": {
  "Modernizr": "https://modernizr.com/download?setclasses-flash"
}

Is there any way to solve this or ignore this integrity check?

Currently I have to run

npm i https://modernizr.com/download?setclasses-flash

again to get things working, which overrides the "integrity" field for "Modernizr" in my package-lock.json. This may happen every time there is a change in the Modernizr package fetched from this link and my package dependencies need to be reinstalled (for example, each time on CI build).

Is there no other way of solving this? I hope I won't have to place package-lock.json in my .gitignore file :(

More data about my environment:

$ npm -v
5.0.3
$ node -v
v6.11.0
tlenex, asked Jun 22 '17 12:06




2 Answers

Edit package-lock.json, find the one you want to skip, in this case the one that is failing

sha1-tU7jWojzuU8MIY2VLAx+BwluNo0

and remove the integrity parameter from it, i.e.

},
"range-parser": {
  "version": "1.2.0",
  "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
  "integrity": "sha1-9JvmtIeJTdxA3MlKMi9hEJLgDV4=",
  "dev": true
},

to...

},
"range-parser": {
  "version": "1.2.0",
  "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
  "dev": true
},

After that, run npm install; it will check the rest and skip this integrity.

Sago78, answered Sep 26 '22 14:09


The point of the integrity field is to alert you when something has changed, so if you do not want it to exist, you can disable package-lock.json files in your npmrc. Just set package-lock=false.

Note: I am the developer of Modernizr, and spoke with the npm-cli team about this issue. The root cause appears to be the change of the SHA type between npm5 and earlier versions. Nuking the node_modules folder will fix it.

Patrick, answered Sep 25 '22 14:09
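
An added example (not part of the original question or answers, and not npm's own code): a Node.js audit that flags lockfile entries npm cannot pin reliably, such as the URL dependency from the question or an entry whose integrity field was removed as in the first answer. The function names, the issue labels and the choice of registry.npmjs.org as the trusted host are assumptions; the sample lockfile is constructed from values quoted on this page.

```javascript
// Added example: audit an npm 5 style lockfile (nested "dependencies" tree).
const REGISTRY_HOST = 'registry.npmjs.org'; // assumed trusted registry host
const DIGEST_BYTES = { sha1: 20, sha256: 32, sha384: 48, sha512: 64 };

// Split an SRI string ("sha1-<base64> sha512-<base64>") and check digest sizes.
function parseIntegrity(integrity) {
  return String(integrity).trim().split(/\s+/).filter(Boolean).map((entry) => {
    const dash = entry.indexOf('-');
    const algorithm = entry.slice(0, dash);
    const digest = Buffer.from(entry.slice(dash + 1), 'base64');
    return { algorithm, wellFormed: DIGEST_BYTES[algorithm] === digest.length };
  });
}

// Report every entry whose content npm cannot pin reliably.
function auditLock(node, path = []) {
  const findings = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const pkg = [...path, name].join(' > ');
    // URL dependencies keep their URL in "version"; registry ones use "resolved".
    const source = dep.resolved || dep.version || '';
    if (/^https?:\/\//.test(source) && new URL(source).hostname !== REGISTRY_HOST) {
      findings.push({ package: pkg, issue: 'non-registry-source' });
    }
    if (!dep.bundled) { // bundled packages ship inside their parent's tarball
      const hashes = dep.integrity ? parseIntegrity(dep.integrity) : [];
      if (hashes.length === 0) {
        findings.push({ package: pkg, issue: 'missing-integrity' });
      } else if (hashes.some((h) => !h.wellFormed)) {
        findings.push({ package: pkg, issue: 'malformed-integrity' });
      } else if (hashes.every((h) => h.algorithm === 'sha1')) {
        findings.push({ package: pkg, issue: 'sha1-only' });
      }
    }
    findings.push(...auditLock(dep, [...path, name]));
  }
  return findings;
}

// Constructed lockfile fragment built from the values quoted on this page.
const sampleLock = { dependencies: {
  Modernizr: { version: 'https://modernizr.com/download?setclasses-flash',
    integrity: 'sha1-tU7jWojzuU8MIY2VLAx+BwluNo0=' },
  'range-parser': { version: '1.2.0', dev: true,
    resolved: 'https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz' },
} };
for (const f of auditLock(sampleLock)) console.log(`${f.package}: ${f.issue}`);
```

Run in CI against the committed package-lock.json, a non-empty result shows which entries would install without a usable integrity check.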