Checksum failure

What I Wanted to Do

Do an NPM install with a freshly released dependency.

What Happened Instead

A recently published package failed to install due to integrity checksum failed when using sha512

Reproduction Steps

This is a private repository, can’t provide one :(

Details

This is the same as this one that got ignored here:

NPM cache verify solved it locally.

Then shortly after the installation failed on Circle CI. After lunch (30min+) it got working again :)

Platform Info

Error is platform independent.

$ npm --versions

{ 'tw-frontend-service': '0.0.1',
  npm: '6.5.0',
  ares: '1.13.0',
  cldr: '31.0.1',
  http_parser: '2.7.0',
  icu: '59.1',
  modules: '59',
  nghttp2: '1.25.0',
  node: '9.0.0',
  openssl: '1.0.2l',
  tz: '2017b',
  unicode: '9.0',
  uv: '1.15.0',
  v8: '6.2.414.32-node.8',
  zlib: '1.2.11' }

$ node -p process.platform

darwin

I’ve recently posted it again because npm verify is not the trick. Still no reply.

The npm support is still ignoring my emails. :frowning: Seems like someone there closed the ticket without giving a solution because I’ve got a “How would you rate the support you received?” email.

But this happens even on packages that are several weeks old, not only on fresh published packages.
The “best practice” now is deploy as long as it works.

I will stay strong and annoy mail the support until I got a real answer without stupid and helpless replies.

I figured it out MAYBE. I think that the end-of-line type could cause this problem. So I’ve converted all my files from CRLF to LF and republished my packages to npm. Now the first try was successfull. I hope that was the fix. Crazy that sometimes it worked and sometimes not.

But I would say that IS a bug and should get fixed soon.

That doesn’t explain why simply waiting and retrying resolves the issue. With no code change it should fail permanently :)

I’d guess it’s a caching issue on NPM’s side.

Yeah, tried again and still fails. :man_facepalming:

If someone from npm should read this: It fails only on private packages like on thread owner.

I tried something new: I am deleting the npm cache directly in npm preinstall script. In my case it’s sudo rm -r -f /tmp/.npm. Now I want to test a little bit more and drop information about this here.

1 Like