Node: integrity checksum failed when using sha1 - Node v8+
The error I'm getting when I run npm install is:
npm install
npm WARN deprecated [email protected]: To update or install node, go to http://nodejs.org/
npm WARN registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning EINTEGRITY: sha1-UWbihkV/AzBgZL5Ul+jbsMPTIIM= integrity checksum failed when using sha1: wanted sha1-UWbihkV/AzBgZL5Ul+jbsMPTIIM= but got sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==. (11423 bytes)
npm WARN prefer global [email protected] should be installed with -g
> [email protected] install /Users/dave/code/projects/consulting/mayfield/branches/w1-user-can-log-in/node_modules/fsevents
> node-pre-gyp install --fallback-to-build
node-pre-gyp info it worked if it ends with ok
node-pre-gyp verb cli [ '/usr/local/Cellar/node/8.1.0_1/bin/node',
node-pre-gyp verb cli '/Users/dave/code/projects/consulting/mayfield/branches/w1-user-can-log-in/node_modules/fsevents/node_modules/.bin/node-pre-gyp',
node-pre-gyp verb cli 'install',
node-pre-gyp verb cli '--fallback-to-build' ]
node-pre-gyp info using [email protected]
node-pre-gyp info using [email protected] | darwin | x64
node-pre-gyp verb command install []
node-pre-gyp info check checked for "/Users/dave/code/projects/consulting/mayfield/branches/w1-user-can-log-in/node_modules/fsevents/lib/binding/Release/node-v57-darwin-x64/fse.node" (not found)
node-pre-gyp http GET https://fsevents-binaries.s3-us-west-2.amazonaws.com/v1.0.17/fse-v1.0.17-node-v57-darwin-x64.tar.gz
node-pre-gyp http 404 https://fsevents-binaries.s3-us-west-2.amazonaws.com/v1.0.17/fse-v1.0.17-node-v57-darwin-x64.tar.gz
node-pre-gyp ERR! Tried to download(404): https://fsevents-binaries.s3-us-west-2.amazonaws.com/v1.0.17/fse-v1.0.17-node-v57-darwin-x64.tar.gz
node-pre-gyp ERR! Pre-built binaries not found for [email protected] and [email protected] (node-v57 ABI) (falling back to source compile with node-gyp)
node-pre-gyp http 404 status code downloading tarball https://fsevents-binaries.s3-us-west-2.amazonaws.com/v1.0.17/fse-v1.0.17-node-v57-darwin-x64.tar.gz
node-pre-gyp verb command build [ 'rebuild' ]
xcode-select: error: tool 'xcodebuild' requires Xcode, but active developer directory '/Library/Developer/CommandLineTools' is a command line tools instance
xcode-select: error: tool 'xcodebuild' requires Xcode, but active developer directory '/Library/Developer/CommandLineTools' is a command line tools instance
SOLINK_MODULE(target) Release/.node
CXX(target) Release/obj.target/fse/fsevents.o
SOLINK_MODULE(target) Release/fse.node
COPY /Users/dave/code/projects/consulting/mayfield/branches/w1-user-can-log-in/node_modules/fsevents/lib/binding/Release/node-v57-darwin-x64/fse.node
TOUCH Release/obj.target/action_after_build.stamp
node-pre-gyp info ok
added 1139 packages in 32.229s
Some up front info:
- using create-react app
- node v8.1.0
- npm v5.0.3
package.json
{
"name": "gizmo_web_app",
"version": "0.1.0",
"engines": {
"node": "8.1.0",
"npm": "5.0.3"
},
"private": true,
"dependencies": {
"bootstrap": "^3.3.7",
"chalk": "^1.1.3",
"confidence": "^3.0.2",
"lodash": "^4.17.4",
"node": "^0.0.0",
"prop-types": "^15.5.9",
"react": "^15.5.4",
"react-bootstrap": "^0.31.0",
"react-dom": "^15.5.4",
"react-redux": "^5.0.5",
"react-router-dom": "^4.1.1",
"react-test-renderer": "^15.5.4",
"redux": "^3.6.0",
"redux-logger": "^3.0.1",
"reselect": "^3.0.1",
"superagent": "^3.5.2",
"zxcvbn": "^4.4.2"
},
"devDependencies": {
"babel-eslint": "^7.2.3",
"babel-plugin-transform-object-rest-spread": "^6.23.0",
"babel-preset-es2015": "^6.24.1",
"babel-preset-react-app": "^2.2.0",
"chai": "^3.5.0",
"chai-enzyme": "^0.6.1",
"enzyme": "^2.8.2",
"eslint": "^3.19.0",
"eslint-config-airbnb": "^14.1.0",
"eslint-plugin-import": "^2.2.0",
"eslint-plugin-jsx-a11y": "^2.2.3",
"eslint-plugin-react": "^6.10.3",
"jsdom": "^11.0.0",
"mocha": "^3.4.1",
"nock": "^9.0.13",
"react-addons-test-utils": "^15.5.1",
"react-scripts": "0.9.5",
"redux-mock-store": "^1.2.3",
"redux-thunk": "^2.2.0",
"sinon": "^2.3.2",
"supertest": "^3.0.0"
},
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
"test": "NODE_ENV=development mocha --recursive --compilers js:babel-core/register src/test/unit --env=jsdom",
"test-integration": "NODE_ENV=development mocha --recursive --compilers js:babel-core/register src/test/integration --env=jsdom",
"test-integration-deployment": "NODE_ENV=development mocha --timeout 70000 --recursive --compilers js:babel-core/register src/test/integration/deploy",
"eject": "react-scripts eject",
"lint": "node_modules/.bin/eslint src"
},
"babel": {
"presets": [
"react-app"
]
}
}
I don't remember why we had [email protected] in there I feel like it had to do with create-react-app or something I think. But even when I remove that, I still get
Never got this before upgrading to Node 8.x.x. I need to use Node 8 as I'm using util.promisify in my code already.
dschinkel
All 37 comments
So the issue here is this warning right?
npm WARN registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning EINTEGRITY: sha1-UWbihkV/AzBgZL5Ul+jbsMPTIIM= integrity checksum failed when using sha1: wanted sha1-UWbihkV/AzBgZL5Ul+jbsMPTIIM= but got sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==. (11423 bytes)
That looks like an npm issue, you should raise this on their tracker (npm/npm).
A cursory glance at their tracker suggests this is a duplicate of https://github.com/npm/npm/issues/17146.
gibfahn
on 12 Jun 2017
I'll close this, comment if I've misunderstood something and I'll reopen.
gibfahn
on 12 Jun 2017
thanks @gibfahn I'll post it over there.
dschinkel
on 12 Jun 2017
Troll comment deleted. Next time it's a perma-ban, @chaudharisuresh997.
bnoordhuis
on 15 Jul 2017
10621 verbose Windows_NT 10.0.15063
10622 verbose argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install" "--save"
10623 verbose node v8.2.1
10624 verbose npm v5.3.0
10625 error code EINTEGRITY
10626 error sha1-PTDHGLCaPZbyPqTMH0A8TTup/08= integrity checksum failed when using sha1: wanted sha1-PTDHGLCaPZbyPqTMH0A8TTup/08= but got sha1-IddJ0tf3FO+KgwifNonymtHE/tw=. (15860 bytes)
10627 verbose exit [ 1, true ]
Getting error while installing npm package
git-santosh
on 15 Aug 2017
12256 verbose type OperationalError
12257 verbose stack Error: sha1-b3oaQGRG+i4YfslTmGmPTO5HYmk= integrity checksum failed when using sha1: wanted sha1-b3oaQGRG+i4YfslTmGmPTO5HYmk= but got sha1-juRg3eV2OcAghs1D6DFD5ZC4ezU=. (130548 bytes)
12257 verbose stack at Transform.on (E:\nodejs\node_modules\npm\node_modules\ssri\index.js:275:19)
12257 verbose stack at emitNone (events.js:110:20)
12257 verbose stack at Transform.emit (events.js:207:7)
12257 verbose stack at endReadableNT (_stream_readable.js:1059:12)
12257 verbose stack at _combinedTickCallback (internal/process/next_tick.js:138:11)
12257 verbose stack at process._tickCallback (internal/process/next_tick.js:180:9)
12258 verbose cwd E:\j Angular Exercise\loginEx
12259 verbose Windows_NT 6.1.7601
12260 verbose argv "E:\nodejs\node.exe" "E:\nodejs\node_modules\npm\bin\npm-cli.js" "install"
12261 verbose node v8.4.0
12262 verbose npm v5.3.0
12263 error code EINTEGRITY
12264 error sha1-b3oaQGRG+i4YfslTmGmPTO5HYmk= integrity checksum failed when using sha1: wanted sha1-b3oaQGRG+i4YfslTmGmPTO5HYmk= but got sha1-juRg3eV2OcAghs1D6DFD5ZC4ezU=. (130548 bytes)
12265 verbose exit [ 1, true ]
james-ansari
on 16 Aug 2017
Same here
`8944 verbose type OperationalError
8945 verbose stack Error: sha1-wNWmOycYgArY4ESSTpSachN1BhF4= integrity checksum failed when using sha1: wanted sha1-wNWmOycYgArY4ESSTpSachN1BhF4= but got sha1-wNWmOycYgArY4esPpSachN1BhF4=. (8058 bytes)
8945 verbose stack at Transform.on (C:\Program Files\nodejs\node_modules\npm\node_modules\ssri\index.js:275:19)
8945 verbose stack at emitNone (events.js:110:20)
8945 verbose stack at Transform.emit (events.js:207:7)
8945 verbose stack at endReadableNT (_stream_readable.js:1059:12)
8945 verbose stack at _combinedTickCallback (internal/process/next_tick.js:138:11)
8945 verbose stack at process._tickCallback (internal/process/next_tick.js:180:9)
8949 verbose node v8.4.0
8950 verbose npm v5.3.0`
Rogasch
on 16 Aug 2017
Hi @Rogasch I will suggest you to completely uninstall node and npm. Also delete npm and npm-cache folder. And reinstall using node-v6.11.2-x86.msi installer.
james-ansari
on 17 Aug 2017
i had the same issue and
npm install -g npm
fixed it for me
uniqueinx
on 4 Oct 2017
I got this problem when I got package-lock.json included in the commit. After removing package-lock.json I could run npm install without errors again.
GottfridL
on 19 Oct 2017
@GottfridL but how this package-lock,json works? Why is been generated? Because your solution worked for me but when the command finished a message saying that I need a package-lock.json file show up, even though the running was successfully
npm notice created a lockfile as package-lock.json. You should commit this file.
MajoBogado
on 28 Nov 2017
We have been getting the same issue on our Travis builds ever since upgrading to Node 8 and including package-lock.json in our commits. npm 5.5.1
paulius005
on 1 Dec 2017
Hi folks,
For me, the "clear cache" option worked - but not using the commands npm commands !
(this will be different for everyone, but maybe it helps)
My issue turned out to be that the directories inside ~/.npm/_cacache/index-v5 were owned by root due to previous Installs and Uninstalls I'd tried.
After manually deleting those directories, the npm install worked.
TLDR : Clear cache. Do it manually if it still occurs.
lavenpillay
on 5 Dec 2017
My issue turned out to be that the directories inside ~/.npm/_cacache/index-v5 were owned by root due to previous Installs and Uninstalls I'd tried.
Does sudo npm cache clean -f work?
gibfahn
on 5 Dec 2017
@gibfahn
No, for me it didn't because the issue was not that the cache needed to be cleaned, but that other processes were trying to _create_ files in the cache, and could not.
Regarding the Registry, in my case, I think the issue was that the JSON file with info was not able to be saved and so the SHA check could not be performed.
lavenpillay
on 6 Dec 2017
For me there was a running instance of npm hanging in memory. After killing the process the problem disappeared
mibutec
on 27 Jan 2018
I guess package-lock.json must stay commited and updated.. Since this file grants that the same packages used and tested in development stage will be the same..
igordeoliveirasa
on 4 Apr 2018
In other words: removing package-lock.json works, however it's is not the right solution.
igordeoliveirasa
on 4 Apr 2018
I had the same problem after upgrading to nodejs 10.x. I had to npm install npm -g, then delete all the package-lock.json files. This allows us to build more of our application but there are still some incompatibilities somewhere and we are trying to sort them out.
broweratcognitecdotcom
on 24 Aug 2018
having same issue on my MacBookPro
Node 10.8.0
npm 6.2.0
, when I go to my project and issue
npm install, I get following
mycomp:MyProj nbnex$ npm i
WARN tarball tarball data for [email protected] (sha1-6GFJ7dp3tKYSvYAb/EVjK+zOYGQ=) seems to be corrupted. Trying one more time.
WARN tarball tarball data for [email protected] (sha1-6GFJ7dp3tKYSvYAb/EVjK+zOYGQ=) seems to be corrupted. Trying one more time.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/@angular-devkit/core/node_modules/fsevents):
npm WARN enoent SKIPPING OPTIONAL DEPENDENCY: ENOENT: no such file or directory, rename '/Users/dbnex/source/MyProj/MyProj/node_modules/.staging/fsevents-d35eda14/node_modules/yallist' -> '/Users/dbnex/source/MyProj/MyProj/node_modules/.staging/yallist-2c29e2bb'
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/watchpack/node_modules/fsevents):
npm WARN enoent SKIPPING OPTIONAL DEPENDENCY: ENOENT: no such file or directory, rename '/Users/dbnex/source/MyProj/MyProj/node_modules/.staging/fsevents-6a393e92/node_modules/set-blocking' -> '/Users/dbnex/source/MyProj/MyProj/node_modules/.staging/set-blocking-5346d4b2'
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/webpack-dev-server/node_modules/fsevents):
npm WARN enoent SKIPPING OPTIONAL DEPENDENCY: ENOENT: no such file or directory, rename '/Users/dbnex/source/MyProj/MyProj/node_modules/.staging/fsevents-a915511c/node_modules/process-nextick-args' -> '/Users/dbnex/source/MyProj/MyProj/node_modules/.staging/process-nextick-args-7b3b7565'
npm ERR! code EINTEGRITY
npm ERR! Verification failed while extracting [email protected]:
npm ERR! Verification failed while extracting [email protected]:
npm ERR! sha1-6GFJ7dp3tKYSvYAb/EVjK+zOYGQ= integrity checksum failed when using sha1: wanted sha1-6GFJ7dp3tKYSvYAb/EVjK+zOYGQ= but got sha512-EUet5nra7Ia1J4AkdJR6ToUFZHPbN9uybPpv+wx5/jo8lch5ezvh/5MQSShxIeU2bvsv4YpcSqgEq/6iBBfgpQ== sha1-dRAb4fP7cqda60ct3CvKQ5zMJxY=. (178201 bytes)
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/dbnex/.npm/_logs/2018-10-05T18_04_47_761Z-debug.log
dinobu
on 5 Oct 2018
close the node server and run command, it's worked for me.
Kyi-Moe-Min
on 23 Oct 2018
For anyone still having this issue, the problem is with the package-lock.json file. For people working in a team, Don't commit your package-lock.json file so anyone picking up your project will get a freshly generated package-lock.json file after running npm i I hope this helps someone, Cheers
bunday
on 30 Oct 2018
Thank you @bunday, it solved the issue for me!
tragetraje
on 31 Oct 2018
@bunday If you delete the package-lock.json everybody will make updates to the packages on their own. The goal of package-lock is to prevent this.
We solved the problem by manually removing the package(s) in question (which were locally build dependencies) from the package-lock.json and commit it.
jfrohn
on 31 Oct 2018
Deleting package-lock.json is a one-time-fix for this problem, please don't take the advise of:
don't commit your package-lock.json
It is intended to be commit to create some semblance of stability in your dependency tree, it's very useful especially with CI and deploying your project somewhere that installs the node_modules remotely.
Committing package-lock.json is better than committing node_modules, which is insane.
jakewhelan
on 26 Nov 2018
npm install -g solved my problem !
I can really appreciate the help if someone can tell me why this error occur and whats its root cause.
sudipt1999
on 1 Dec 2018
@sudipt1999 in my case, the problem was that we installed from registry A which was saved to package-lock, then sometime later we changed to registry B in .npmrc and tried to install again.
For whatever reason, the SHA1 was different between these two registries.
The solution was to delete package-lock and node_modules, and then re-generate dependencies and package-lock with npm i.
jakewhelan
on 1 Dec 2018
Had the same problem . Deleting package-lock.json and running npm cache clear -f fixed the issue.
This happened when i installed a module on node 6 and then reinstalled on node 8
jenilChristo
on 12 Dec 2018
Committing package-lock.json is better than committing node_modules, which is insane.
@jakewhelan, any issue with not committing package-lock.json and relying on good 'ol package.json? I know this removes some efficiencies gained with package.lock but I'm tired of dealing with developers using different node versions and/or yarn and running into issues where package.lock gets out of sync. The fix seems to always be deleting package.lock. Its not worth the trouble IMHO.
I don't think anyone is suggesting committing node_modules ;)
wrabbit23
on 26 Mar 2019
Committing package-lock.json is better than committing node_modules, which is insane.
@jakewhelan, any issue with not committing package-lock.json and relying on good 'ol package.json? I know this removes some efficiencies gained with package.lock but I'm tired of dealing with developers using different node versions and/or yarn and running into issues where package.lock gets out of sync. The fix seems to always be deleting package.lock. Its not worth the trouble IMHO.
I don't think anyone is suggesting committing node_modules ;)
The issue is that good 'ol package.json only cares about respecting the Semver specification, it doesn't give a crap about whether your app works or not. It also doesn't care about keeping track of your dependency legacy.
If you don't commit package-lock.json you run the risk of having different dependencies each time you npm i. This means difference between local, CI and deployment/build artifacts, and also difference between what each developer has local. I find it hard to call a version of my code a 'version' when it changes after each install, and I don't like that the code may behave differently in production than in my local environment - huge red flag.
A further problem is that should you ever need to roll back, or go back to a previous version to debug something all of your dependencies will be different from the last time you were there - you will never be able to reproduce that one dependency-related production issue without package-lock.json because your dependency legacy is lost without package-lock.json.
It's a lot of moving parts that personally I'm not comfortable with.
In my opinion there are only two sane options that allow for complete confidence in your app:
- Commit package-lock.json
- Do not commit package-lock.json BUT do not use any Semver operators (
^~>=<=). You must specify explicit versions. This is a maintenance nightmare but maybe you would consider it less painful than your package-lock woes.
jakewhelan
on 26 Mar 2019
To be honest @wrabbit23 our workflow is that each time we install the app for local development, we delete the package-lock.json and node_modules anyway then install fresh. This would solve your problem.
As long as the app is still working after you npm i again, commit the new package-lock and you can still be confident it will remain the same as it moves around through different environments.
That's the best of both worlds.
jakewhelan
on 26 Mar 2019
We remove ^ and ~ from our versions in all of our package.json files. We want absolute control. It doesn't make any problems for us.
broweratcognitecdotcom
on 26 Mar 2019
i had the same issue and
npm install -g npm
fixed it for me
skv4u
on 6 Nov 2019
I got this problem when I got package-lock.json included in the commit. After removing package-lock.json I could run npm install without errors again.
this worked
Ritesh143
on 5 Dec 2019
I got this problem when I got package-lock.json included in the commit. After removing package-lock.json I could run npm install without errors again.
It helpful.resolved this proble by using this way.
I run the old project without any changes with npm packages.but different environment in npm registry.
I run it in docker. copy the package.json and package-lock.json to docker.
see this error.
fixed after removed the package-lock.json
sxyengene
on 23 Dec 2019
None of the above worked for me
vksgautam1
on 27 Apr 2020
I tried yarn and this is exact error i am getting now
vksgautam1
on 29 Apr 2020
Related issues
filipesilvaa
·
3Comments
mcollina
·
3Comments
danielstaleiny
·
3Comments
ksushilmaurya
·
3Comments
danialkhansari
·
3Comments
Most helpful comment
I got this problem when I got package-lock.json included in the commit. After removing package-lock.json I could run npm install without errors again.