7

I've encountered this error when installing deps of my package: 

$ npm i
npm ERR! code EINTEGRITY
npm ERR! sha1-tU7jWojzuU8MIY2VLAx+BwluNo0= integrity checksum failed when using sha1: wanted sha1-tU7jWojzuU8MIY2VLAx+BwluNo0= but got sha1-oXYP0kzpbhku0KU+phy353lbBhQ=. (26624 bytes)

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/tlenex/.npm/_logs/2017-06-22T10_18_19_773Z-debug.log

the problem is with my Modernizr dependency:

"dependencies": {
  "Modernizr": "https://modernizr.com/download?setclasses-flash"
}

is there any way to solve this or ignore this integrity check?

Currently I have to run

npm i https://modernizr.com/download?setclasses-flash

again to get things working, which overrides the "integrity" field for "Modernizr" in my package-lock.json. This may happen every time there is a change in Modernizr package fetched from this link and my package dependencies need to be reinstalled (for example, each time on CI build)

If there is no other way of solving this? I hope I wont have to place package-lock.json in my .gitignore file :(

More data about my enviroment:

$ npm -v
5.0.3
$ node -v
v6.11.0
tlenex
  • 488
  • 1
  • 5
  • 13
  • Possible duplicate of [Integrity checksum failure while installing API Connect toolkit #apiconnect](https://stackoverflow.com/questions/44331813/integrity-checksum-failure-while-installing-api-connect-toolkit-apiconnect) – kenorb Feb 18 '19 at 12:05
  • @kenorb It is not. It is connected strictly to https://modernizr.com/download?setclasses-flash dependency link, wich **always leads to latest version** of the package and then creates EINTEGRITY error with checksum from package-lock. – tlenex Mar 21 '19 at 12:53

7 Answers7

5

Edit package-lock.json , find the one you want to skip in this case the one that its failing

sha1-tU7jWojzuU8MIY2VLAx+BwluNo0

and remove the integrity parameter from it i.e

},
"range-parser": {
  "version": "1.2.0",
  "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
  "integrity": "sha1-9JvmtIeJTdxA3MlKMi9hEJLgDV4=",
  "dev": true
},

to...

},
"range-parser": {
  "version": "1.2.0",
  "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
  "dev": true
},

after that run npm install, will check the rest, skip this integrity

Sago78
  • 90
  • 1
  • 6
  • Wouldn't `npm install` create this integrity field again in `package-lock.json` ? – tlenex Mar 16 '22 at 15:39
  • It will, with the new value, I guess this is breaking the purpose of the integrity check, but it clears the issue. Maybe someone else can explain the reason and consecuences. I just find out this as a way to clear and continue. – Sago78 Mar 17 '23 at 18:54
2

The point of the integrity field is to alert you when something has changed, so if you do not want it to exist, you can disable package-lock.json files in your npmrc. Just set package-lock=false

Note: I am the developer of Modernizr, and spoke with the npm-cli team about this issue. The root cause appears to be the change of the SHA type between npm5 and earlier versions. Nuking the node_modules folder will fix it

Patrick
  • 13,872
  • 5
  • 35
  • 53
  • Well the point is, that I don't want to disable it for other packages and dependencies. So nuking the `node_modules` currently is the only option for now. The perfect solution would be disabling the package-lock SHA check for only one link, domain or package name. – tlenex Jan 04 '18 at 21:36
  • I also can move to npm's repository "modernizr" package, create own builder and leave this issue unresolved. But currently I'm lacking time to do so. – tlenex Jan 04 '18 at 21:44
1

  1. Find all outdated packages and update theme:

    npm outdated -g sudo npm i -g outDatedPKG

  2. Upgrade npm to lateste version with:

    sudo npm i -g npm

  3. Delete package-lock.json file.

  4. Delete _cacache directory in ~/.npm:

    npm cache verify

    4.1. Every time i get that error, do steps 2 & 3.

  5. If you still get the error, clear npm's cache:

    npm cache clean --force

Merzak7
  • 69
  • 5
  • This is not a good solution when this issue is scaled up on 20+ devs in a team and a lot of CI builds. – tlenex Jan 04 '18 at 21:34
1

I had this same error and I solved it by :

  1. Deleting package-lock.json
  2. Running "npm install"
Emmac
  • 2,928
  • 2
  • 15
  • 22
  • 2
    This is not a good solution when this issue is scaled up on 20+ devs in a team and a lot of CI builds. – tlenex May 07 '18 at 09:57
0

I finally resolved this issue.

Our team moved away from URL dependency without SEMVER notation, in this case https://modernizr.com/download?setclasses-flash and used modernizr-loader with webpack. There are also equivalents for gulp and grunt tools available on npm, pick and use one you like the most.

After using them, we finally get rid of returning EINTEGRITY npm error without nuking package-lock.json or node_modules.

tlenex
  • 488
  • 1
  • 5
  • 13
-1

Just do two things for the solution

first : npm cache clean --force

second : npm i -g npm

and than install what u want

Abhi Thakkar
  • 151
  • 4
  • 17
  • This is not a good solution when this issue is scaled up on 20+ devs in a team and a lot of CI builds. – tlenex Jan 04 '18 at 21:34
-1
  • $ rm -rf package-lock.json node_modules
  • $ npm install --cache /tmp/empty-npm-cache

If this fixes it, clear your global npm cache to fix the corruption.

cinobili19
  • 451
  • 7
  • 10
  • This is not a good solution when this issue is scaled up on 20+ devs in a team and a lot of CI builds. It is connected strictly to modernizr.com/download?setclasses-flash dependency link, wich always leads to latest version of the package and then creates EINTEGRITY error with checksum from package-lock. – tlenex Sep 11 '20 at 13:09