NPM pulls corrupted packages from Verdaccio instance

Question

When I perform a basic npm install in an application I am attempting to set up a dev. environment for corrupted packages end up being pulled from my Verdaccio proxy instance.

To Reproduce

Steps to reproduce the behavior:

Set up package.json for my project including adding my dependencies, etc.
Set my local system to use my Verdaccio instance: npm set registry [[Verdaccio Server URL]]:4873.
Perform npm install within the directory I have the package.json in.

Results

I get a ton of output similar to the following:

npm http fetch GET 200 [[Proxy NPM Site]]/@angular%2fplatform-browser-dynamic/-/platform-browser-dynamic-5.2.11.tgz 6430ms
npm WARN tarball tarball data for @angular/router@5.2.11 (sha512-NT8xYl7Vr3qPygisek3PlXqNROEjg48GXOEsDEc7c8lDBo3EB9Tf328fWJD0GbLtXZNhmmNNxwIe+qqPFFhFAA==) seems to be corrupted. Trying one more time.
npm WARN tarball tarball data for jquery@3.3.1 (sha512-Ubldcmxp5np52/ENotGxlLe6aGMvmF4R8S6tZjsP6Knsaxd/xp3Zrh50cG93lR6nPXyUFwzN3ZSOQI0wRJNdGg==) seems to be corrupted. Trying one more time.
npm WARN tarball tarball data for ng-bootstrap@1.6.3 (sha1-1B/UIVTAWTQiy4PEc6OCiqdSW/U=) seems to be corrupted. Trying one more time.

Note the URL encoded name of the package, in this case @angular%2fplatform-browser-dynamic. I do not get this when I set my proxy to be https://registry.npmjs.org/.

Of course, what I would like to do is be able to perform an npm install just as if I were connected to the official registry.

Configuration and Log Files

Additional Information

NPM Version: Latest - 6.1.0 but it happens with older versions.
Node Version that Verdaccio is running on: 10.4.0
Node Version that Client is running on: 10.4.0

Environment: Windows Server 2012 (SP2)

The server that Verdaccio is on is not behind a proxy.

facing the same error, but with [materialize css](https://materializecss.com) and [material-design-icons](https://materialdesignicons.com/) — reisdev, Jun 13 '18 at 19:32
As reference https://github.com/verdaccio/verdaccio/issues/756 — Juan Picado, Jun 15 '18 at 04:55

score 14 · Accepted Answer · answered Jun 14 '18 at 14:36

14

So after performing the following everything worked as intended:

rmdir /S /Q node_modules (or rm -rf node_modules on a *nix derivative OS)
del package-lock.json (or rm package-lock.json on a *nix derivative OS)
npm set registry [[My Verdaccio Instance's IP]]:4873
npm cache clean --force
npm install --force --verbose --no-bin-links

answered Jun 14 '18 at 14:36

Chris K.

467
2
5
19

6

Removing the package-lock.json was what I needed to get npm back on track. – brinch Sep 12 '18 at 10:19
I tried all of the above, and none of it worked till I did the classic restart the computer. – Ashitakalax Jun 05 '19 at 20:27
Ive been about ready to slam my head against the wall for the past three hours. rm package-lock.json worked. Thank you so much – omoshiroiii Oct 30 '19 at 21:07
Removing the package-lock.json worked for me. I have a vague idea about what might be going underneath. In my case, it seemed to be something to do with checksum mismatching. The checksum and the version in the package-lock.json from the previous installation did not match with the package pulled from verdaccio (why I had the same version number for an updated package? -> It was a project related hack). Which is probably why it worked after deleting the package-lock.json – Isuru Dharmadasa May 24 '21 at 10:49

score 3 · Answer 2 · answered Nov 12 '20 at 10:49

3

I solved my issue with the following steps:

remove package-lock.json
run npm cache clear --force
run npm cache verify
run npm install

answered Nov 12 '20 at 10:49

Georges Feungap

456
3
8

score 2 · Answer 3 · answered May 24 '19 at 19:49

2

If you roll back to NPM version 3, it will start working again. Publishing to Verdaccio with NPM@3 and then pulling with NPM@>=5 was causing this problem for me.

answered May 24 '19 at 19:49

cjbarth

4,189
6
43
62

I've been having this issue for months and always skipped past this answer. This is actually what fixed all of my issues. – Zachary Hale Jun 19 '19 at 18:23

score 1 · Answer 4 · edited Nov 14 '19 at 16:49

1

This seems like a problem with your node/npm and not with Angular CLI.

I suggest you try to use

npm cache clear --force
npm install

Thanks.

edited Nov 14 '19 at 16:49

Beniamin H

2,048
1
11
17

answered Oct 31 '19 at 04:06

Suraj Chandgude

331
2
11

score 0 · Answer 5 · answered Jun 07 '19 at 09:14

0

Had to turn off Verdaccio's cache

uplinks:
  npmjs:
    url: https://registry.npmjs.org/
    cache: false

answered Jun 07 '19 at 09:14

seppestaes

31
2

2

IMHO doesn't this make the private repo less useful? Caching is what allows you to reduce traffic, etc. – Chris K. Jun 07 '19 at 21:31

score 0 · Answer 6 · answered Nov 12 '20 at 09:58

0

Removing the package-lock.json. It solved my problem.

answered Nov 12 '20 at 09:58

Chetan Jain

236
6
16

NPM pulls corrupted packages from Verdaccio instance

6 Answers6