Comments (7)
ahuth
commented on July 23, 2024
2
I think we're running into this, too.
The package-lock.json is generated on linux dev environments. But pushes to Heroku fail for the integrity checksum mismatch.
from pacote.
luxaritas
commented on July 23, 2024
1
I think we're running into this as well - we rely on github repo-based packages, and having installs fail due to integrity issues based on who's installing is rather problematic.
from pacote.
nevcos
commented on July 23, 2024
1
Same happening between Windows and Linux machines, very frustrating:
npm pack "git+ssh://[email protected]/jhiesey/idb-kv-store.git#109ccad165fd6470e12fd66025da9e4743a46043"
# integrity: sha512-qpMpLBvXY0w8J[...]J8drdjr3X9/2w== # Windows 10 with NPM 7.21.1
# integrity: sha512-4IWjabwqciNun[...]aXD5qGvf1Yrnw== # Windows 10 with NPM 6.14.15
# integrity: sha512-qpMpLBvXY0w8J[...]J8drdjr3X9/2w== # Ubuntu WSL with NPM 7.21.1
# integrity: sha512-pu/VZ6qKntixi[...]iPaYSOpTaEgrA== # Ubuntu WSL with NPM 6.14.15
from pacote.
akselikap
commented on July 23, 2024
I just ran into this issue and exactly the same variant as @ahuth. It seems like there hasn't been any updates to this as I'm using the newest version of npm (7.22.0) and it's still occurring.
from pacote.
jameskerr
commented on July 23, 2024
I have a package that contains a prepare script to build a go binary when installed. When I run npm pack <my git dependency> I get a different integrity value each time I run it on the same machine. With npm 6 it was stable.
Npm 6 -- stable
$ npm pack "git+https://github.com/brimdata/zed.git#0b6233ba43b8ae48585af9e1f4e7b93c97195411" |& grep integrity
npm notice integrity: sha512-DwGGh2q5ta6An[...]F71cfQHzLWyKQ==
$ npm pack "git+https://github.com/brimdata/zed.git#0b6233ba43b8ae48585af9e1f4e7b93c97195411" |& grep integrity
npm notice integrity: sha512-DwGGh2q5ta6An[...]F71cfQHzLWyKQ==
$ npm pack "git+https://github.com/brimdata/zed.git#0b6233ba43b8ae48585af9e1f4e7b93c97195411" |& grep integrity
npm notice integrity: sha512-DwGGh2q5ta6An[...]F71cfQHzLWyKQ==
$ npm -v
6.14.15
Npm 7 -- different every time
$ npm pack "git+https://github.com/brimdata/zed.git#0b6233ba43b8ae48585af9e1f4e7b93c97195411" |& grep integrity
npm notice integrity: sha512-/i5QW944neOZe[...]PlmRMHSvk0hZA==
$ npm pack "git+https://github.com/brimdata/zed.git#0b6233ba43b8ae48585af9e1f4e7b93c97195411" |& grep integrity
npm notice integrity: sha512-kh664omwauvXp[...]UDd6RbkQKYW9A==
$ npm pack "git+https://github.com/brimdata/zed.git#0b6233ba43b8ae48585af9e1f4e7b93c97195411" |& grep integrity
npm notice integrity: sha512-iZW1VW06yVaQG[...]eytlUvcwkkR+g==
$ npm -v
7.24.2
Note on reproducing: This is the public Zed repo so you can use the commands above, but you'll need go and make installed for it to succeed.
from pacote.
wraithgar
commented on July 23, 2024
from pacote.
ahuth
commented on July 23, 2024
Can confirm this is fixed for me.
from pacote.
Related Issues (20)
- [BREAKING] remove log property
- [BUG] out of memory on npm install: fork bomb preparing from git repos if they have scripts HOT 2
- [BUG] config field gets overwritten in package.json HOT 2
- [BUG] Proxy settings appear to be ignored.
- [BUG] _cached field is incorrect
- [BUG] No possibility to embed pacote in single js file HOT 2
- Version 15.0.1 HOT 8
- [BUG] Error when extracting a directory after updating from 13.0.4 to 15.0.3 HOT 2
- [BUG] Unlimited concurrent connections are opened when using http proxy HOT 3
- [BUG] `prepack` is not called on installation of git packages HOT 3
- Reporting a vulnerability HOT 1
- [BUG] SSH retry can retry on directory created by HTTP try tried first
- [BUG] FetcherBase._tarxOptions removes files with identical inodes HOT 1
- [BUG] fullMetadata vs. local packages vs. cache
- [BUG] CDN download doesn't use provided HTTP Authorization token (even if it's provided hardcoded in the URL)
- Update TAR dependency to 6.2.1 for Security Vulnerability HOT 1
- [BUG] Symlink support? HOT 1
- [Feature] Update TAR dependency (Security Vulnerability)
- [QUESTION] pacote and npm-registry-fetch/make-fetch-happen both cache tarballs. HOT 1
- [FEATURE] reduce file extractions on disk
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pacote.