Yarn: Misleading "Integrity check failed..." error if credentials for private registry are missing
Do you want to request a feature or report a bug?
Bug
What is the current behavior?
If yarn cannot download a package due to missing credentials in npmrc it fails with misleading error message "integrity check failed for…"
If the current behavior is a bug, please provide the steps to reproduce.
In our case, we had this .npmrc file
@40three:registry=https://xxournexusserverxx/repository/npm/
//ournexusserver/repository/npm/:_authToken=${NEXUS_NPM_TOKEN}
And got this error during yarn install:
error https://ournexusserver/repository/npm/@40three-internal/ng-base/-/ng-base-7.0.1.tgz: Integrity check failed for "@40three-internal/ng-base" (computed integrity doesn't match our records, got "sha512-z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==")
Note the computed hash, which is the hash for /dev/null.
What is the expected behavior?
The real problem was: We had the wrong namespace in our .npmrc file (@40three instead of @40three-internal) and so yarn could not download the package due to missing credentials for our server.
This was quite confusing because everything worked in local environments (all developers have a global .npmrc file) but failed in CI.
Please mention your node.js, yarn and operating system version.
Node 8, yarn 1.12.3, Windows 10
cluetjen
All 7 comments
@cluetjen I had the same problem.
As a workaround you can add an environment variable to your CI build settings. Then add this step to your config file, which will add the .npmrc file, before installing dependencies:
- run:
command: |
echo "@40three:registry=https://xxournexusserverxx/repository/npm/
//ournexusserver/repository/npm/:_authToken=${NEXUS_NPM_TOKEN}" > .npmrc
kirillgalushko
on 5 Dec 2018
Thanks @kirillgalushko, that is how we do it. The problem is the error message if this .npmrc file has errors.
Is: "Integrity check failed for..."
Expected: "Could not download …"
cluetjen
on 5 Dec 2018
oh my god, we lost 3 work days before finding this opened issue 😫
alex-pex
on 17 Dec 2018
This had us puzzled too!
We saw a combination of the sha512 of null (sha512-z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==) and the sha1 of null (sha1-2jmj7l5rSw0yVb/vlWAYkK/YBwk=) - it didn't occur to us to check the repository config until we found this ticket
brendanhatton
on 11 Jan 2019
I hit the same misleading error on yarn 1.12.3. I updated to yarn 1.13.0 and yarn correctly output a "403 forbidden" error instead when my access credentials were bad.
bobziuchkovski
on 7 Mar 2019
I hit the same misleading error on yarn 1.12.3. I updated to yarn 1.13.0 and yarn correctly output a "403 forbidden" error instead when my access credentials were bad.
FWIW, I'm still seeing this issue with yarn 1.13.0
rtsao
on 20 Jul 2019
I always got the similar issue when install dependences, is there any options to let the install process remove cached packages integrity check failed, or download manually and install to cache from local copies.
liudonghua123
on 4 Apr 2020
Related issues
sebmck
·
3Comments
seansfkelley
·
3Comments
bouk
·
3Comments
victornoel
·
3Comments
torifat
·
3Comments
Most helpful comment
Thanks @kirillgalushko, that is how we do it. The problem is the error message if this .npmrc file has errors.
Is: "Integrity check failed for..."
Expected: "Could not download …"