Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Checksum error #11

Open
frikiluser opened this issue Feb 17, 2023 · 7 comments
Open

Checksum error #11

frikiluser opened this issue Feb 17, 2023 · 7 comments

Comments

@frikiluser
Copy link

Hi,

I'm trying to build silvermine/videojs-chromecast and silvermine/videojs-airplay and I've got the following error in both cases:

npm ERR! sha512-KrYZzR9lTlVRXlq6wlvxwn5zBIIVto0DQyB2o//kUUMcAUaB2uYRSmzsVgjSu93NjjMz3C/IwoDysqTBUe5bEw== integrity checksum failed when using sha512: wanted sha512-KrYZzR9lTlVRXlq6wlvxwn5zBIIVto0DQyB2o//kUUMcAUaB2uYRSmzsVgjSu93NjjMz3C/IwoDysqTBUe5bEw== but got sha512-94PNadur6JfRFG6YN4F0fd2k596PYY7rTsHY1d5KjOjNGSzTSx41C+1cDZLkyXKDQfenJe7j0n+m50LoQ/9PjQ==. (2278 bytes)

The package-lock.json in both projects contain:

    "node_modules/silvermine-serverless-utils": {
      "version": "0.1.0",
      "resolved": "git+ssh://[email protected]/silvermine/serverless-utils.git#910f1149af824fc8d0fa840878079c7d3df0f414",
      "integrity": "sha512-KrYZzR9lTlVRXlq6wlvxwn5zBIIVto0DQyB2o//kUUMcAUaB2uYRSmzsVgjSu93NjjMz3C/IwoDysqTBUe5bEw==",
      "dev": true,
      "license": "MIT"
    },

Removing integrity line workarounds the problem.

@jthomerson
Copy link
Member

@pbredenberg is this related to recent Node upgrades?

@frikiluser
Copy link
Author

Tested with npm=7.5.2 and node=18.13.0.

npm update before npm install solves the problem.

May the package-lock.json file be removed from the repository? Sorry I'm not a js guy 😅

@pbredenberg
Copy link
Contributor

Hi @frikiluser - I just tested this using Node.js 18.13.0 and NPM 7.5.2, and I was able to build videojs-chromecast 1.3.4 with grunt build and wasn't able to reproduce this issue.

Could you share what version of silvermine/videojs-chromecast and silvermine/videojs-airplay you're trying to build?

@frikiluser
Copy link
Author

Hi @pbredenberg It failed with npm install unless I run npm update before.

@pbredenberg
Copy link
Contributor

pbredenberg commented Feb 27, 2023

Hi @pbredenberg It failed with npm install unless I run npm update before.

Thanks for your reply. I understand what you're telling me from the thread here so far, but can you please let me know specifically which versions of the two libraries you are trying to build? Are they the very latest?

@frikiluser
Copy link
Author

which versions of the two libraries you are trying to build? Are they the very latest?

Last tagged releases

@pbredenberg
Copy link
Contributor

@frikiluser this issue doesn't appear to be related to serverless-utils, and I'm not able to reproduce it. If you can provide a MRE demonstrating the problem, I'd be happy to look further.

To directly answer your question as to whether we can remove the package-lock.json file, there are many reasons they are important to have in every project. These are stated in NPM's documentation if you're interested in taking a look.

Not directly stated in the above document, but still important nonetheless, is the value of the dependency's integrity field which is causing your issues. NPM verifies this SHA hash against the compressed tarball of each dependency, and if there is a mismatch, it will throw an error. There are several reasons this could happen, but most likely there was a problem downloading the package initially, causing the tarball to become corrupt, thus this check would fail.

In some cases, removing the node_modules/ directory and the package-lock.json file, then running npm install again (rebuilding the dependency tree) will fix the problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants