I have a mono-repo that contains 3 projects: the main project, and 2 dependent libraries.
We are currently trying to switch from yarn to npm (yay!), but I’m running into some problems.
With yarn, we just referenced the dependent libraries by their relative paths, and yarn made a copy of these directories. With npm, it seems to make a symlink instead - which, for reasons still unknown, makes our Angular app fail to build.
The best solution I could think of was to use npm pack. So when building the dependent projects, we run npm pack to create a tarball. Then, in the main project’s package.json, we reference the filenames of these tarballs. Locally, it all works as expected. It pulls in and extracts the tarballs when running npm install.
The problem is when we try to run npm install on the main project on our Drone CI server. The dependent projects are built fine, but when we run npm install on the main project, it fails saying “Integrity check failed”. It then shows the sha512 that was calculated vs the sha512 that was stored in package-lock.json.
I’m assuming that the reason for this is that the gzipped tar file contains the timestamp in the header, so every time the tarball is created it results in a different sha512.
I have two questions:
- Why don’t I get the integrity check failed error when I run npm install locally?
- Is there anything I can to do work around this issue?
Any ideas would be appreciated - thank you!