ssri.parse(...).match is not a function error on npm install

(Simon Legg) #1

node version v8.11.3
npm version 6.4.1

When running npm install I am receiving an error

 TypeError: ssri.parse(...).match is not a function
    at childIsEquivalent (/usr/local/lib/node_modules/npm/lib/install/inflate-shrinkwrap.js:268:28)
    at inflatableChild (/usr/local/lib/node_modules/npm/lib/install/inflate-shrinkwrap.js:129:3)
    at (/usr/local/lib/node_modules/npm/lib/install/inflate-shrinkwrap.js:57:10)
    at tryCatcher (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
    at Object.gotValue (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/reduce.js:155:18)
    at Object.gotAccum (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/reduce.js:144:25)
    at Object.tryCatcher (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:512:31)
    at Promise._settlePromise (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:569:18)
    at Promise._settlePromiseCtx (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:606:10)
    at Async._drainQueue (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:138:12)
    at Async._drainQueues (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:143:10)
    at Immediate.Async.drainQueues (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:810:20)
    at tryOnImmediate (timers.js:768:5)
    at processImmediate [as _immediateCallback] (timers.js:745:5)

I did some console logging in the npm/lib/install/inflate-shrinkwrap.js and line 268 (ssri.parse(sw.integrity).match(child.package._integrity) throws) given this sw value

	"version": "7.1.2",
	"resolved": "https: //",
	"integrity": "sha512-K3WDlpBPGpoW11SLKFEBhMsITomPovsrZ/wnM3y+WStbytukDXC0OBic3yQp+j058QUw0+R/jfx2obwp1fOzcA==",
	"dev": true,
	"requires": {
		"chokidar": "2.0.4",
		"commander": "2.19.0",
		"convert-source-map": "1.6.0",
		"fs-readdir-recursive": "1.1.0",
		"glob": "7.1.3",
		"lodash": "4.17.11",
		"mkdirp": "0.5.1",
		"output-file-sync": "2.0.1",
		"slash": "2.0.0",
		"source-map": "0.5.7"
	"dependencies": {
		"commander": {
			"version": "2.19.0",
			"resolved": "https: //",
			"integrity": "sha512-6tvAOO+D6OENvRAh524Dh9jcfKTYDQAqvqezbCW82xj5X0pSrcpxtvRKHLG0yBY6SD7PSDrJaj+0AiOcKVd1Xg==",
			"dev": true
		"slash": {
			"version": "2.0.0",
			"resolved": "https: //",
			"integrity": "sha512-ZYKh3Wh2z1PpEXWr0MpSBZ0V6mZHAQfYevttO11c51CaWjGTaadiKZ+wVt1PbMlDV5qhMFslpZCemhwOK7C89A==",
			"dev": true
		"source-map": {
			"version": "0.5.7",
			"resolved": "https: //",
			"integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=",
			"dev": true

(Frédéric Harper) #2

Can you send me your package.json file if it doesn’t contain personal content please? You can DM me a link to download it.

(Simon Legg) #3


(Frédéric Harper) #4

I am not able to reproduce the issue with the same version of Node and npm. Which OS are you using?

(Simon Legg) #5

I’m on MacOS 10.14.2

It seems the issue was around an entry we had in the package-lock.json. I’ve removed and it has resolved this issue. I wonder though that if the case was that the integrity of that package entry wasn’t right, that maybe a clearer error message could be given, something like (and I’m sort of guessing about the actual problem) The integrity of <package-name> couldn't be verified. Try removing your package-lock.json and running npm install.

I’m sorry, I don’t really know what this integrity checking actually does or if this is even a common enough issue.

(system) closed #6

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.