Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regenerate integrity checks to sha512 #7399

Merged
merged 1 commit into from
Jun 21, 2018
Merged

Regenerate integrity checks to sha512 #7399

merged 1 commit into from
Jun 21, 2018

Conversation

danielbachhuber
Copy link
Member

@danielbachhuber danielbachhuber commented Jun 20, 2018
edited
Loading

@danielbachhuber danielbachhuber added this to the 3.1 milestone Jun 20, 2018
@danielbachhuber danielbachhuber requested a review from a team June 20, 2018 11:18
@gziolo
Copy link
Member

gziolo commented Jun 20, 2018
edited
Loading

I'm wondering if it all boils down to removing node_modules folder locally and running npm install again. @ntwb, do you happen to know why those sha values change so often between local setups?

At least this is how I was able to resolve the issue with seeing package-lock.json modified after checking out the latest master.

@gziolo gziolo requested a review from ntwb June 20, 2018 11:19
@gziolo gziolo added the [Type] Build Tooling Issues or PRs related to build tooling label Jun 20, 2018
@danielbachhuber
Copy link
Member Author

I'm wondering if it all boils down to removing node_modules folder locally and running npm install again.

I was able to regenerate the sha512 values simply with npm install.

@ntwb
Copy link
Member

ntwb commented Jun 21, 2018

AFAIK it is a caching issue, if npm had previously downloaded the same package/module version and stored it using a SHA1 hash then that is what is used when updating the lock file.

The typical fix is to npm cache clean --force when you find any patches you create are using SHA1/SHA256 in package-lock.json.

FWIW I enquired about this issue with npm support ~6 months ago as I believed there was anecdotal evidence that downloading from non-USA npm mirrors would cause an increase in instances of this issue, the resolution was to use the fix above and try again /shrug

@gziolo
Copy link
Member

gziolo commented Jun 21, 2018

Thanks @ntwb, let's get it in and try to avoid sha changes in package-json.lock in the future PRs. It should mitigate the issue. I'm sure we had the same issues with npm 5.6 or something.

@gziolo gziolo merged commit 82cfb4f into master Jun 21, 2018
@gziolo gziolo deleted the regenerate-integrity branch June 21, 2018 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ntwb ntwb ntwb approved these changes

Assignees
No one assigned
Labels
[Type] Build Tooling Issues or PRs related to build tooling
Projects
None yet
Milestone
3.1
Development

Successfully merging this pull request may close these issues.
3 participants
@danielbachhuber @gziolo @ntwb