EINTEGRITY: npm 5.0 integrity check and modernizr.com dependency

node.js npm npm-install modernizr
10,142

Solution 1

I finally resolved this issue.

Our team moved away from URL dependency without SEMVER notation, in this case https://modernizr.com/download?setclasses-flash and used modernizr-loader with webpack. There are also equivalents for gulp and grunt tools available on npm, pick and use one you like the most.

After using them, we finally get rid of returning EINTEGRITY npm error without nuking package-lock.json or node_modules.

Solution 2

Edit package-lock.json , find the one you want to skip in this case the one that its failing

sha1-tU7jWojzuU8MIY2VLAx+BwluNo0

and remove the integrity parameter from it i.e

},
"range-parser": {
  "version": "1.2.0",
  "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
  "integrity": "sha1-9JvmtIeJTdxA3MlKMi9hEJLgDV4=",
  "dev": true
},

to...

},
"range-parser": {
  "version": "1.2.0",
  "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
  "dev": true
},

after that run npm install, will check the rest, skip this integrity

Solution 3

The point of the integrity field is to alert you when something has changed, so if you do not want it to exist, you can disable package-lock.json files in your npmrc. Just set package-lock=false

Note: I am the developer of Modernizr, and spoke with the npm-cli team about this issue. The root cause appears to be the change of the SHA type between npm5 and earlier versions. Nuking the node_modules folder will fix it

Solution 4

  1. Find all outdated packages and update theme:

    npm outdated -g sudo npm i -g outDatedPKG

  2. Upgrade npm to lateste version with:

    sudo npm i -g npm

  3. Delete package-lock.json file.

  4. Delete _cacache directory in ~/.npm:

    npm cache verify

    4.1. Every time i get that error, do steps 2 & 3.

  5. If you still get the error, clear npm's cache:

    npm cache clean --force

Solution 5

I had this same error and I solved it by :

  1. Deleting package-lock.json
  2. Running "npm install"
Share:
10,142
tlenex
Author by

tlenex

Updated on June 19, 2022

Comments

  • tlenex
    tlenex almost 2 years

    I've encountered this error when installing deps of my package: 

    $ npm i
npm ERR! code EINTEGRITY
npm ERR! sha1-tU7jWojzuU8MIY2VLAx+BwluNo0= integrity checksum failed when using sha1: wanted sha1-tU7jWojzuU8MIY2VLAx+BwluNo0= but got sha1-oXYP0kzpbhku0KU+phy353lbBhQ=. (26624 bytes)

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/tlenex/.npm/_logs/2017-06-22T10_18_19_773Z-debug.log

    the problem is with my Modernizr dependency:

    "dependencies": {
  "Modernizr": "https://modernizr.com/download?setclasses-flash"
}

    is there any way to solve this or ignore this integrity check?

    Currently I have to run

    npm i https://modernizr.com/download?setclasses-flash

    again to get things working, which overrides the "integrity" field for "Modernizr" in my package-lock.json. This may happen every time there is a change in Modernizr package fetched from this link and my package dependencies need to be reinstalled (for example, each time on CI build)

    If there is no other way of solving this? I hope I wont have to place package-lock.json in my .gitignore file :(

    More data about my enviroment:

    $ npm -v
5.0.3
$ node -v
v6.11.0
  • tlenex
    tlenex over 6 years
    This is not a good solution when this issue is scaled up on 20+ devs in a team and a lot of CI builds.
  • tlenex
    tlenex over 6 years
    This is not a good solution when this issue is scaled up on 20+ devs in a team and a lot of CI builds.
  • tlenex
    tlenex over 6 years
    Well the point is, that I don't want to disable it for other packages and dependencies. So nuking the node_modules currently is the only option for now. The perfect solution would be disabling the package-lock SHA check for only one link, domain or package name.
  • tlenex
    tlenex over 6 years
    I also can move to npm's repository "modernizr" package, create own builder and leave this issue unresolved. But currently I'm lacking time to do so.
  • tlenex
    tlenex about 6 years
    This is not a good solution when this issue is scaled up on 20+ devs in a team and a lot of CI builds.
  • tlenex
    tlenex over 3 years
    This is not a good solution when this issue is scaled up on 20+ devs in a team and a lot of CI builds. It is connected strictly to modernizr.com/download?setclasses-flash dependency link, wich always leads to latest version of the package and then creates EINTEGRITY error with checksum from package-lock.
  • tlenex
    tlenex about 2 years
    Wouldn't npm install create this integrity field again in package-lock.json ?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Force npm install to install optional dependencies for other platforms
npm ERR! enoent and is related to npm not being able to find a file
npm err! maximum call stack size exceeded
Is npm install the same as npm install --save?
npm install from tgz created with npm pack
ENOTFOUND when running npm install
npm ERR! Cannot read property 'path' of null
How to fix 'npm does not support Node.js v11.14.0 error' on Windows?
npm cannot install 'node-sass'
Module Not Found error after NPM Install