[BUG] No Debug Information in Integrity checksum failed Error

[fishcharlie]

Current Behavior:

Error message doesn't give ANY relevant details. What integrity checksum failed? Assuming this is related to a package, which package was this related to? What download URL produced the checksum output we got?

There is NOTHING in this error message to help me debug this.

npm ERR! code EINTEGRITY
npm ERR! Integrity checksum failed when using sha512: wanted sha512-cE1jYr2dEg1wBImvXlNtp0xDoS79rfEdGozQVgliDZj1uERH4k+rmEMTudP9b4VQ8O6nRb5gPqft0QzEQGMQgA== but got sha512-mkv/s9Q6ieanbiaYUvxxC765JuR+OLTojYj16UaGRX92FxM2XWb/lfqKrukSBJ47hmYv0Bhm57DXOpb/cGxdbA==.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/charliefish/.npm/_logs/2021-03-25T02_31_01_025Z-debug.log

Expected Behavior:

Error message to give relevant details

Steps To Reproduce:

1. Produce Integrity checksum failure (not quite sure how to do this manually)
2. Notice how error doesn't give any debug information

Environment:

• OS: macOS 11.3 Beta (20E5217a)
• Node: v15.11.0
• npm: 7.6.0

[nlf]

does the debug log mentioned at the bottom of that error give you anything more? can you share it here?

i agree this error message could use some enhancement, but there's generally some hints elsewhere in the log as to what was taking place when the integrity mismatch happened.

[fishcharlie]

@nlf Not that I can see. Attaching the entire log file here.

One note I forgot to mention. Using verdaccio as a proxy. Which obviously I think might be causing the problem. But really hard to debug it or bust it's cache for that item if I don't even know where the error is coming from. Or even report the bug to them.

If you happen to know what the problem is off the top of your head, that'd be awesome, but otherwise, really just need a more detailed log message about where this problem is occurring so I can debug further on my own.

2021-03-25T02_31_01_025Z-debug.log

[nlf]

you're right, i can't pin the integrity mismatch down to a specific file based on this log either. that's not very helpful at all. we definitely need to improve our error here to at least tell you what file failed its integrity check.

[nlf]

if you search your package-lock.json for the value sha512-cE1jYr2dEg1wBImvXlNtp0xDoS79rfEdGozQVgliDZj1uERH4k+rmEMTudP9b4VQ8O6nRb5gPqft0QzEQGMQgA== i suspect you'll find an entry that tells you what module at what path it's trying to download

for that module, however, i also suspect there won't be a resolved field. i'm not entirely sure how you could end up with a package-lock that has integrity but not resolved, but that's the only way i've been able to reproduce this specific error.

can you check your package-lock for that integrity value and let me know what that particular object looks like?

[fishcharlie]

@nlf Removing the yarn.lock file fixed the issue. For reference here was the repo I was trying to run npm i --legacy-peer-deps with.

Still feel like this error should be better tho.

[nlf]

I'm glad you found a solution. I completely agree the error needs to be better, and intend to keep this issue open to track exactly that

[ottworks]

I also experienced this bug with NPM 7.x, which worked fine on NPM 6.x. I fixed my problem by changing dependencies from git+https://gitlab.com/groupname/reponame.git to gitlab:groupname/reponame.