nativescript-cli
nativescript-cli copied to clipboard
EINTEGRITY error when running npm install
Environment
Provide version numbers for the following components (information can be retrieved by running tns info
in your project folder or by inspecting the package.json
of the project):
- CLI: 7.1.2
Describe the bug
I have set nativescript
as a dev dependency to my project (makes our life easier), but when doing an npm clean-install
(thus loading the exact versions in package-lock.json
) I get an integrity error.
npm ERR! code EINTEGRITY
npm ERR! sha512-bf7UQUo6n0c3Fxn5OXckpausCWjFg+qGLzN/LnaMsjF+9HYuSMbPPciWI6zPLu+KLnwjqwKzwPkozi/vxJYpvw==
integrity checksum failed when using sha512:
wanted sha512-bf7UQUo6n0c3Fxn5OXckpausCWjFg+qGLzN/LnaMsjF+9HYuSMbPPciWI6zPLu+KLnwjqwKzwPkozi/vxJYpvw==
but got sha512-h/TzJrgwzVV+W6laITBZAxAWfBjX4T0x+LF5XJdS1AzDkXqmraMNnKQ/O/f3AHJKVR85fOglUEdS/B0P1wS7Aw==. (5724 bytes)
Now, I noticed that nativescript
depends specifically on cli-table
packaged up as a nice tarball in https://github.com/telerik/cli-table/tarball/v0.3.1.2, (inside, the package.json
declares version 0.3.1
) but also the NPM registry provides the same 0.3.1
version itself.
The Telerik version has a checksum of bf7UQUo6n0c3Fxn5OXckpausCWjFg+qGLzN/LnaMsjF+9HYuSMbPPciWI6zPLu+KLnwjqwKzwPkozi/vxJYpvw==
(what's stored in package-lock.json
) and the NPM registry has a checksum of h/TzJrgwzVV+W6laITBZAxAWfBjX4T0x+LF5XJdS1AzDkXqmraMNnKQ/O/f3AHJKVR85fOglUEdS/B0P1wS7Aw==
(the offending one, as in the error above).
I see that the dependency is inherited from marked-terminal
(another non-NPM-repo dependency from https://github.com/NativeScript/marked-terminal/tarball/v3.1.1n) and as far as I can see those were declared A LONG time ago... Maybe it's time to get those deps up-to-date?
Workaround
For people stumbling around and finding the issue as well, this seems to be tricking NPM in resolving stuff correctly:
npm install --save-dev 'https://github.com/telerik/cli-table/tarball/v0.3.1.2'
npm install --save-dev 'https://github.com/NativeScript/marked-terminal/tarball/v3.1.1n'
rm -rf node_modules package-lock.json
npm install
(Basically, add the overridden dependencies from NativeScript to your own project)
Thanks for the workaround! Works well.
Thanks for the work-around!
This bug showed up for me when installing from a package-lock.json
using npm ci
.