npm install: Verfication failed while extracting

Question

READ BEFORE ANSWER: I've already solved this issue. It was a caching issue on the npm servers. Everything works fine after switching to GitHub packages. I've already accepted my own answer.

---

---

---

I have a project, which I want to deploy to elastic beanstalk but sometimes the deploy fails on the npm install script with the following message:

npm ERR! code EINTEGRITY
npm ERR! Verification failed while extracting @my-package@^1.2.0:
npm ERR! Verification failed while extracting @my-package@^1.2.0:
npm ERR! sha512-lQ...HA== integrity checksum failed when using sha512: wanted sha512-lQ...HA== but got sha512-nH...ow==. (4835509 bytes)

It fails even on packages which are severel weeks old.

I’ve tried:

• npm cache clean --force

• npm cache verify

• node_modules is in .npmignore

• package-lock.json is in .npmignore

• Writing a mail to [email protected], but they replying always with some helpless default replies without any solution or intention to help.

It fails even on new elastic beanstalk instances.

I have no idea how to solve this problem.

EDIT: I've also tried to delete the npm cache while preinstall script, but it doesn't work either.

EDIT2: My repo has no package-lock.json.

EDIT3: My .npmrc file has the following content

      //registry.npmjs.org/:_authToken=${NPM_TOKEN}
      unsafe-perm=true
      package-lock=false
      strict-ssl=false

EDIT4: I think it wasn't clear: It's a private package on the official npm registry. And it doesn't fail always. The current publish process includes several attempts to deploy on aws instance so long as it's succeed.

Answer 1

Have u try to delete package-lock.json?

OR

Try to delete npm and npm-cache folders

THEN

re-run npm install

Answer 2

Not exactly your case, but for those who run into the "integrity checksum failed" error the following might help. But first make sure you understand what's going on. npm tells you that the checksum from https://registry.npm.org doesn't match the one from package-lock.json. Either it changed in the registry, or...

Consider a line from the output:

npm ERR!
  sha512-lQ...HA==
integrity checksum failed when using sha512: wanted
  sha512-lQ...HA==
but got
  sha512-nH...ow==
. (4835509 bytes)

Find the package in package-lock.json by the first two integrity checksums (sha512-lQ...HA==), and put the third one (sha512-nH...ow==) into its "integrity" field.

More on it here.

Answer 3

It seems to be a caching issue at the npm servers. We've switched from npm to GitHub packages, everything works fine there.