
integrity checksum failed when using sha1 - Node v8+ #13635

Closed
@dschinkel


The error I'm getting when I run npm install is:

npm install

npm WARN deprecated node@0.0.0: To update or install node, go to http://nodejs.org/
npm WARN registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning EINTEGRITY: sha1-UWbihkV/AzBgZL5Ul+jbsMPTIIM= integrity checksum failed when using sha1: wanted sha1-UWbihkV/AzBgZL5Ul+jbsMPTIIM= but got sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==. (11423 bytes)
npm WARN prefer global marked@0.3.6 should be installed with -g

> fsevents@1.0.17 install /Users/dave/code/projects/consulting/mayfield/branches/w1-user-can-log-in/node_modules/fsevents
> node-pre-gyp install --fallback-to-build

node-pre-gyp info it worked if it ends with ok
node-pre-gyp verb cli [ '/usr/local/Cellar/node/8.1.0_1/bin/node',
node-pre-gyp verb cli   '/Users/dave/code/projects/consulting/mayfield/branches/w1-user-can-log-in/node_modules/fsevents/node_modules/.bin/node-pre-gyp',
node-pre-gyp verb cli   'install',
node-pre-gyp verb cli   '--fallback-to-build' ]
node-pre-gyp info using node-pre-gyp@0.6.32
node-pre-gyp info using node@8.1.0 | darwin | x64
node-pre-gyp verb command install []
node-pre-gyp info check checked for "/Users/dave/code/projects/consulting/mayfield/branches/w1-user-can-log-in/node_modules/fsevents/lib/binding/Release/node-v57-darwin-x64/fse.node" (not found)
node-pre-gyp http GET https://fsevents-binaries.s3-us-west-2.amazonaws.com/v1.0.17/fse-v1.0.17-node-v57-darwin-x64.tar.gz
node-pre-gyp http 404 https://fsevents-binaries.s3-us-west-2.amazonaws.com/v1.0.17/fse-v1.0.17-node-v57-darwin-x64.tar.gz
node-pre-gyp ERR! Tried to download(404): https://fsevents-binaries.s3-us-west-2.amazonaws.com/v1.0.17/fse-v1.0.17-node-v57-darwin-x64.tar.gz 
node-pre-gyp ERR! Pre-built binaries not found for fsevents@1.0.17 and node@8.1.0 (node-v57 ABI) (falling back to source compile with node-gyp) 
node-pre-gyp http 404 status code downloading tarball https://fsevents-binaries.s3-us-west-2.amazonaws.com/v1.0.17/fse-v1.0.17-node-v57-darwin-x64.tar.gz 
node-pre-gyp verb command build [ 'rebuild' ]
xcode-select: error: tool 'xcodebuild' requires Xcode, but active developer directory '/Library/Developer/CommandLineTools' is a command line tools instance

xcode-select: error: tool 'xcodebuild' requires Xcode, but active developer directory '/Library/Developer/CommandLineTools' is a command line tools instance

  SOLINK_MODULE(target) Release/.node
  CXX(target) Release/obj.target/fse/fsevents.o
  SOLINK_MODULE(target) Release/fse.node
  COPY /Users/dave/code/projects/consulting/mayfield/branches/w1-user-can-log-in/node_modules/fsevents/lib/binding/Release/node-v57-darwin-x64/fse.node
  TOUCH Release/obj.target/action_after_build.stamp
node-pre-gyp info ok 
added 1139 packages in 32.229s

Some up front info:

  • using create-react app
  • node v8.1.0
  • npm v5.0.3

package.json

{
  "name": "gizmo_web_app",
  "version": "0.1.0",
  "engines": {
    "node": "8.1.0",
    "npm": "5.0.3"
  },
  "private": true,
  "dependencies": {
    "bootstrap": "^3.3.7",
    "chalk": "^1.1.3",
    "confidence": "^3.0.2",
    "lodash": "^4.17.4",
    "node": "^0.0.0",
    "prop-types": "^15.5.9",
    "react": "^15.5.4",
    "react-bootstrap": "^0.31.0",
    "react-dom": "^15.5.4",
    "react-redux": "^5.0.5",
    "react-router-dom": "^4.1.1",
    "react-test-renderer": "^15.5.4",
    "redux": "^3.6.0",
    "redux-logger": "^3.0.1",
    "reselect": "^3.0.1",
    "superagent": "^3.5.2",
    "zxcvbn": "^4.4.2"
  },
  "devDependencies": {
    "babel-eslint": "^7.2.3",
    "babel-plugin-transform-object-rest-spread": "^6.23.0",
    "babel-preset-es2015": "^6.24.1",
    "babel-preset-react-app": "^2.2.0",
    "chai": "^3.5.0",
    "chai-enzyme": "^0.6.1",
    "enzyme": "^2.8.2",
    "eslint": "^3.19.0",
    "eslint-config-airbnb": "^14.1.0",
    "eslint-plugin-import": "^2.2.0",
    "eslint-plugin-jsx-a11y": "^2.2.3",
    "eslint-plugin-react": "^6.10.3",
    "jsdom": "^11.0.0",
    "mocha": "^3.4.1",
    "nock": "^9.0.13",
    "react-addons-test-utils": "^15.5.1",
    "react-scripts": "0.9.5",
    "redux-mock-store": "^1.2.3",
    "redux-thunk": "^2.2.0",
    "sinon": "^2.3.2",
    "supertest": "^3.0.0"
  },
  "scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build",
    "test": "NODE_ENV=development mocha --recursive --compilers js:babel-core/register src/test/unit --env=jsdom",
    "test-integration": "NODE_ENV=development mocha --recursive --compilers js:babel-core/register src/test/integration --env=jsdom",
    "test-integration-deployment": "NODE_ENV=development mocha --timeout 70000 --recursive --compilers js:babel-core/register src/test/integration/deploy",
    "eject": "react-scripts eject",
    "lint": "node_modules/.bin/eslint src"
  },
  "babel": {
    "presets": [
      "react-app"
    ]
  }
}

I don't remember why we had node@0.0.0 in there; I feel like it had to do with create-react-app or something, I think. But even when I remove that, I still get

Never got this before upgrading to Node 8.x.x. I need to use Node 8 as I'm using util.promisify in my code already.

gibfahn (Member) commented on Jun 12, 2017

So the issue here is this warning right?

npm WARN registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning EINTEGRITY: sha1-UWbihkV/AzBgZL5Ul+jbsMPTIIM= integrity checksum failed when using sha1: wanted sha1-UWbihkV/AzBgZL5Ul+jbsMPTIIM= but got sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==. (11423 bytes)

That looks like an npm issue, you should raise this on their tracker (npm/npm).

A cursory glance at their tracker suggests this is a duplicate of npm/npm#17146.

gibfahn (Member) commented on Jun 12, 2017

I'll close this, comment if I've misunderstood something and I'll reopen.

Label added on Jun 12, 2017: wrong repo (Issues that should be opened in another repository.)

dschinkel (Author) commented on Jun 12, 2017

Thanks @gibfahn, I'll post it over there.

bnoordhuis (Member) commented on Jul 15, 2017

Troll comment deleted. Next time it's a perma-ban, @chaudharisuresh997.

git-santosh commented on Aug 15, 2017

10621 verbose Windows_NT 10.0.15063
10622 verbose argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install" "--save"
10623 verbose node v8.2.1
10624 verbose npm  v5.3.0
10625 error code EINTEGRITY
10626 error sha1-PTDHGLCaPZbyPqTMH0A8TTup/08= integrity checksum failed when using sha1: wanted sha1-PTDHGLCaPZbyPqTMH0A8TTup/08= but got sha1-IddJ0tf3FO+KgwifNonymtHE/tw=. (15860 bytes)
10627 verbose exit [ 1, true ]

Getting error while installing npm package

james-ansari commented on Aug 16, 2017

12256 verbose type OperationalError
12257 verbose stack Error: sha1-b3oaQGRG+i4YfslTmGmPTO5HYmk= integrity checksum failed when using sha1: wanted sha1-b3oaQGRG+i4YfslTmGmPTO5HYmk= but got sha1-juRg3eV2OcAghs1D6DFD5ZC4ezU=. (130548 bytes)
12257 verbose stack at Transform.on (E:\nodejs\node_modules\npm\node_modules\ssri\index.js:275:19)
12257 verbose stack at emitNone (events.js:110:20)
12257 verbose stack at Transform.emit (events.js:207:7)
12257 verbose stack at endReadableNT (_stream_readable.js:1059:12)
12257 verbose stack at _combinedTickCallback (internal/process/next_tick.js:138:11)
12257 verbose stack at process._tickCallback (internal/process/next_tick.js:180:9)
12258 verbose cwd E:\j Angular Exercise\loginEx
12259 verbose Windows_NT 6.1.7601
12260 verbose argv "E:\nodejs\node.exe" "E:\nodejs\node_modules\npm\bin\npm-cli.js" "install"
12261 verbose node v8.4.0
12262 verbose npm v5.3.0
12263 error code EINTEGRITY
12264 error sha1-b3oaQGRG+i4YfslTmGmPTO5HYmk= integrity checksum failed when using sha1: wanted sha1-b3oaQGRG+i4YfslTmGmPTO5HYmk= but got sha1-juRg3eV2OcAghs1D6DFD5ZC4ezU=. (130548 bytes)
12265 verbose exit [ 1, true ]

Rogasch commented on Aug 16, 2017

Same here

```
8944 verbose type OperationalError
8945 verbose stack Error: sha1-wNWmOycYgArY4ESSTpSachN1BhF4= integrity checksum failed when using sha1: wanted sha1-wNWmOycYgArY4ESSTpSachN1BhF4= but got sha1-wNWmOycYgArY4esPpSachN1BhF4=. (8058 bytes)
8945 verbose stack at Transform.on (C:\Program Files\nodejs\node_modules\npm\node_modules\ssri\index.js:275:19)
8945 verbose stack at emitNone (events.js:110:20)
8945 verbose stack at Transform.emit (events.js:207:7)
8945 verbose stack at endReadableNT (_stream_readable.js:1059:12)
8945 verbose stack at _combinedTickCallback (internal/process/next_tick.js:138:11)
8945 verbose stack at process._tickCallback (internal/process/next_tick.js:180:9)

8949 verbose node v8.4.0
8950 verbose npm v5.3.0
```

james-ansari commented on Aug 17, 2017

Hi @Rogasch, I would suggest you completely uninstall node and npm. Also delete the npm and npm-cache folders, and reinstall using the node-v6.11.2-x86.msi installer.

uniqueinx commented on Oct 4, 2017

I had the same issue and
npm install -g npm
fixed it for me

GottfridL commented on Oct 19, 2017

I got this problem when I got package-lock.json included in the commit. After removing package-lock.json I could run npm install without errors again.


jakewhelan commented on Dec 1, 2018

@sudipt1999 in my case, the problem was that we installed from registry A which was saved to package-lock, then sometime later we changed to registry B in .npmrc and tried to install again.

For whatever reason, the SHA1 was different between these two registries.

The solution was to delete package-lock and node_modules, and then re-generate dependencies and package-lock with npm i.
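The mismatch described in the comment above (a lockfile generated against one registry, then an install from another that serves different bytes for the same version) can be reproduced with a small integrity check. This is an added example, not part of the thread and not npm's or ssri's code; the function names and the tarball bytes are constructed for illustration.

```javascript
'use strict';
const crypto = require('crypto');

// Strongest first; lockfiles in this thread carry sha1 and/or sha512 entries.
const PREFERENCE = ['sha512', 'sha384', 'sha256', 'sha1'];

// Parse an SRI string ("sha1-<b64> sha512-<b64>") into { algorithm: [digests] }.
function parseIntegrity(sri) {
  const parsed = {};
  for (const entry of sri.trim().split(/\s+/)) {
    const m = /^(sha1|sha256|sha384|sha512)-([A-Za-z0-9+/]+=*)$/.exec(entry);
    if (!m) throw new Error(`unsupported integrity entry: ${entry}`);
    (parsed[m[1]] = parsed[m[1]] || []).push(m[2]);
  }
  return parsed;
}

function digest(algorithm, bytes) {
  return crypto.createHash(algorithm).update(bytes).digest('base64');
}

// Check tarball bytes against the locked value using the strongest listed algorithm.
function checkIntegrity(expectedSri, bytes) {
  const parsed = parseIntegrity(expectedSri);
  const algorithm = PREFERENCE.find((a) => parsed[a]);
  const got = digest(algorithm, bytes);
  const ok = parsed[algorithm].includes(got);
  const wanted = parsed[algorithm].join(' ');
  return {
    ok,
    algorithm,
    // Same "wanted ... but got ..." shape as the EINTEGRITY lines quoted in this thread.
    message: ok ? 'ok'
      : `wanted ${algorithm}-${wanted} but got ${algorithm}-${got}. (${bytes.length} bytes)`,
  };
}

// Constructed stand-ins for one package version as served by two registries.
const fromRegistryA = Buffer.from('constructed tarball bytes, packed by registry A');
const fromRegistryB = Buffer.from('constructed tarball bytes, repacked by registry B');

// package-lock.json was generated while installing from registry A.
const lockedIntegrity = `sha1-${digest('sha1', fromRegistryA)}`;

function demo() {
  return {
    sameRegistry: checkIntegrity(lockedIntegrity, fromRegistryA),
    otherRegistry: checkIntegrity(lockedIntegrity, fromRegistryB),
  };
}

console.log(demo());
```

A failed check only says the bytes differ from what the lockfile recorded; it cannot tell a repacked tarball from a corrupted or tampered one, so the source of the new bytes is worth confirming before the lockfile is regenerated.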

jenilChristo commented on Dec 12, 2018

Had the same problem. Deleting package-lock.json and running npm cache clear -f fixed the issue.
This happened when I installed a module on node 6 and then reinstalled on node 8.

wrabbit23 commented on Mar 26, 2019

Committing package-lock.json is better than committing node_modules, which is insane.

@jakewhelan, any issue with not committing package-lock.json and relying on good 'ol package.json? I know this removes some efficiencies gained with package.lock but I'm tired of dealing with developers using different node versions and/or yarn and running into issues where package.lock gets out of sync. The fix seems to always be deleting package.lock. It's not worth the trouble IMHO.

I don't think anyone is suggesting committing node_modules ;)

jakewhelan commented on Mar 26, 2019

> Committing package-lock.json is better than committing node_modules, which is insane.
>
> @jakewhelan, any issue with not committing package-lock.json and relying on good 'ol package.json? I know this removes some efficiencies gained with package.lock but I'm tired of dealing with developers using different node versions and/or yarn and running into issues where package.lock gets out of sync. The fix seems to always be deleting package.lock. It's not worth the trouble IMHO.
>
> I don't think anyone is suggesting committing node_modules ;)

The issue is that good 'ol package.json only cares about respecting the Semver specification, it doesn't give a crap about whether your app works or not. It also doesn't care about keeping track of your dependency legacy.

If you don't commit package-lock.json you run the risk of having different dependencies each time you npm i. This means difference between local, CI and deployment/build artifacts, and also difference between what each developer has local. I find it hard to call a version of my code a 'version' when it changes after each install, and I don't like that the code may behave differently in production than in my local environment - huge red flag.

A further problem is that should you ever need to roll back, or go back to a previous version to debug something all of your dependencies will be different from the last time you were there - you will never be able to reproduce that one dependency-related production issue without package-lock.json because your dependency legacy is lost without package-lock.json.

It's a lot of moving parts that personally I'm not comfortable with.

In my opinion there are only two sane options that allow for complete confidence in your app:

  • Commit package-lock.json
  • Do not commit package-lock.json BUT do not use any Semver operators (^ ~ >= <=). You must specify explicit versions. This is a maintenance nightmare but maybe you would consider it less painful than your package-lock woes.

jakewhelan commented on Mar 26, 2019

To be honest @wrabbit23 our workflow is that each time we install the app for local development, we delete the package-lock.json and node_modules anyway then install fresh. This would solve your problem.

As long as the app is still working after you npm i again, commit the new package-lock and you can still be confident it will remain the same as it moves around through different environments.

That's the best of both worlds.

broweratcognitecdotcom commented on Mar 26, 2019

We remove ^ and ~ from our versions in all of our package.json files. We want absolute control. It doesn't make any problems for us.

skv4u commented on Nov 6, 2019

I had the same issue and
npm install -g npm
fixed it for me

Ritesh143 commented on Dec 5, 2019

> I got this problem when I got package-lock.json included in the commit. After removing package-lock.json I could run npm install without errors again.

This worked.

sxyengene commented on Dec 23, 2019

> I got this problem when I got package-lock.json included in the commit. After removing package-lock.json I could run npm install without errors again.

It's helpful. I resolved this problem this way.
I ran the old project without any changes to the npm packages, but with a different npm registry environment.
I ran it in Docker, copying package.json and package-lock.json into Docker.
I saw this error.
It was fixed after I removed package-lock.json.

vksgautam1 commented on Apr 27, 2020

None of the above worked for me

vksgautam1 commented on Apr 29, 2020

[Image: IMG_20200429_120030]
I tried yarn and this is the exact error I am getting now

alexxsanya commented on Jan 28, 2021

> I had the same issue and
> npm install -g npm
> fixed it for me

This helped me resolve the issue
