[rush] NPM 5.6.0 reports "Unhandled rejection Error: Integrity check failed" during install #709
Comments
|
The repro is here: |
|
This appears to go away with |
octogonz
changed the title
update --purge when running in a new environment (CI)
|
Unhandled rejection implies some fundamentally incorrect async logic. The failed integrity check is also pretty suspect unless you generated the shrinkwrap file using a different major release of NodeJS: In the past that's anecdotally seemed to influence how the hashes are generated. |
|
Hmm... I also see that you're using node 10.4.1. That is an unstable release. NodeJS 8.x is the current LTS version. We've been burned so many times by non-LTS releases that I'm pretty sure Rush is now supposed to print a warning saying we don't support those versions. :-) |
|
BTW after running |
|
This code is also bothering me: /**
* This is a workaround for a bug introduced in NPM 5 (and still unfixed as of NPM 5.5.1):
* https://github.com/npm/npm/issues/19006
*
* The regression is that "npm install" sets the package.json "version" field for the
* @rush-temp projects to a value like "file:projects/example.tgz", when it should be "0.0.0".
* This causes "rush link" to fail later, when read-package-tree tries to parse the bad version.
* The error looks like this:
*
* ERROR: Failed to parse package.json for foo: Invalid version: "file:projects/example.tgz"
*
* Our workaround is to rewrite the package.json files for each of the @rush-temp projects
* in the node_modules folder, after "npm install" completes.
*/
private _fixupNpm5Regression(): void {
const pathToDeleteWithoutStar: string = path.join(this._rushConfiguration.commonTempFolder,
'node_modules', RushConstants.rushTempNpmScope);
// Glob can't handle Windows paths
const normalizedpathToDeleteWithoutStar: string = Text.replaceAll(pathToDeleteWithoutStar, '\\', '/');
let anyChanges: boolean = false;
// Example: "C:/MyRepo/common/temp/node_modules/@rush-temp/*/package.json"
for (const packageJsonPath of glob.sync(globEscape(normalizedpathToDeleteWithoutStar) + '/*/package.json')) {
// Example: "C:/MyRepo/common/temp/node_modules/@rush-temp/example/package.json"
const packageJsonObject: IRushTempPackageJson = JsonFile.load(packageJsonPath);
// The temp projects always use "0.0.0" as their version
packageJsonObject.version = '0.0.0';
if (JsonFile.save(packageJsonObject, packageJsonPath, { onlyIfChanged: true })) {
anyChanges = true;
}
}
if (anyChanges) {
console.log(os.EOL + colors.yellow(Utilities.wrapWords(`Applied workaround for NPM 5 bug`)) + os.EOL);
}
}If your inference is correct, that different versions of NPM have different bugs, then Rush 5 would be a great chance to say "We now no longer support NPM releases older than X." If 6.1.0 is stable, maybe that could be X. Then we could focus on that specific release and try to make it work reliably. In particular it's probably not a lot of work to either (1) finally fix read-package-tree to be able to read the node_modules folder without workarounds, or (2) replace this library with something else. I feel uncomfortable tampering with NPM's node_modules folder -- that workaround was intended to be shortlived. |
|
I am encountering the same issue: Deleting |
|
Does it repro with NPM 4.5.0? More recent NPM releases seem to have a lot of bugs. It's difficult for us to support because the bugs seem to be different in each version. We generally recommend PNPM, but if you can't use PNPM you might try Yarn. Rush 5.1.0 just introduced preliminary support for Yarn. It's not been heavily tested yet, but we're very interested in feedback and issues. |
|
@pgonzal I have tried before PNPM and encountered problems. I will try it again and report issues. |
octogonz
added
the
external issue
octogonz
changed the title
I am getting stack traces like this when I check out my repo and run
rush update -pin a new environment (specifically on my CI instance):Environment is:
The text was updated successfully, but these errors were encountered: