EINTEGRITY: npm 5.0 integrity check and modernizr.com dependency
Solution 1
I finally resolved this issue.
Our team moved away from URL dependency without SEMVER notation, in this case https://modernizr.com/download?setclasses-flash
and used modernizr-loader
with webpack
. There are also equivalents for gulp
and grunt
tools available on npm, pick and use one you like the most.
After using them, we finally get rid of returning EINTEGRITY
npm error without nuking package-lock.json
or node_modules
.
Solution 2
Edit package-lock.json , find the one you want to skip in this case the one that its failing
sha1-tU7jWojzuU8MIY2VLAx+BwluNo0
and remove the integrity parameter from it i.e
},
"range-parser": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
"integrity": "sha1-9JvmtIeJTdxA3MlKMi9hEJLgDV4=",
"dev": true
},
to...
},
"range-parser": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
"dev": true
},
after that run npm install, will check the rest, skip this integrity
Solution 3
The point of the integrity field is to alert you when something has changed, so if you do not want it to exist, you can disable package-lock.json files in your npmrc. Just set package-lock=false
Note: I am the developer of Modernizr, and spoke with the npm-cli team about this issue. The root cause appears to be the change of the SHA type between npm5 and earlier versions. Nuking the node_modules
folder will fix it
Solution 4
Find all outdated packages and update theme:
npm outdated -g
sudo npm i -g outDatedPKG
Upgrade npm to lateste version with:
sudo npm i -g npm
Delete
package-lock.json
file.Delete
_cacache
directory in ~/.npm:npm cache verify
4.1. Every time i get that error, do steps 2 & 3.
If you still get the error, clear npm's cache:
npm cache clean --force
Solution 5
I had this same error and I solved it by :
- Deleting package-lock.json
- Running "npm install"
tlenex
Updated on June 19, 2022Comments
-
tlenex almost 2 years
I've encountered this error when installing deps of my package:
$ npm i npm ERR! code EINTEGRITY npm ERR! sha1-tU7jWojzuU8MIY2VLAx+BwluNo0= integrity checksum failed when using sha1: wanted sha1-tU7jWojzuU8MIY2VLAx+BwluNo0= but got sha1-oXYP0kzpbhku0KU+phy353lbBhQ=. (26624 bytes) npm ERR! A complete log of this run can be found in: npm ERR! /home/tlenex/.npm/_logs/2017-06-22T10_18_19_773Z-debug.log
the problem is with my
Modernizr
dependency:"dependencies": { "Modernizr": "https://modernizr.com/download?setclasses-flash" }
is there any way to solve this or ignore this integrity check?
Currently I have to run
npm i https://modernizr.com/download?setclasses-flash
again to get things working, which overrides the
"integrity"
field for"Modernizr"
in mypackage-lock.json
. This may happen every time there is a change inModernizr
package fetched from this link and my package dependencies need to be reinstalled (for example, each time on CI build)If there is no other way of solving this? I hope I wont have to place
package-lock.json
in my.gitignore
file :(More data about my enviroment:
$ npm -v 5.0.3 $ node -v v6.11.0
-
tlenex over 6 yearsThis is not a good solution when this issue is scaled up on 20+ devs in a team and a lot of CI builds.
-
tlenex over 6 yearsThis is not a good solution when this issue is scaled up on 20+ devs in a team and a lot of CI builds.
-
tlenex over 6 yearsWell the point is, that I don't want to disable it for other packages and dependencies. So nuking the
node_modules
currently is the only option for now. The perfect solution would be disabling the package-lock SHA check for only one link, domain or package name. -
tlenex over 6 yearsI also can move to npm's repository "modernizr" package, create own builder and leave this issue unresolved. But currently I'm lacking time to do so.
-
tlenex about 6 yearsThis is not a good solution when this issue is scaled up on 20+ devs in a team and a lot of CI builds.
-
tlenex over 3 yearsThis is not a good solution when this issue is scaled up on 20+ devs in a team and a lot of CI builds. It is connected strictly to modernizr.com/download?setclasses-flash dependency link, wich always leads to latest version of the package and then creates EINTEGRITY error with checksum from package-lock.
-
tlenex about 2 yearsWouldn't
npm install
create this integrity field again inpackage-lock.json
?