npm install: Verfication failed while extracting - javascript

READ BEFORE ANSWER: I've already solved this issue. It was a caching issue on the npm servers. Everything works fine after switching to GitHub packages. I've already accepted my own answer.
I have a project, which I want to deploy to elastic beanstalk but sometimes the deploy fails on the npm install script with the following message:
npm ERR! code EINTEGRITY
npm ERR! Verification failed while extracting #my-package#^1.2.0:
npm ERR! Verification failed while extracting #my-package#^1.2.0:
npm ERR! sha512-lQ...HA== integrity checksum failed when using sha512: wanted sha512-lQ...HA== but got sha512-nH...ow==. (4835509 bytes)
It fails even on packages which are severel weeks old.
I’ve tried:
npm cache clean --force
npm cache verify
node_modules is in .npmignore
package-lock.json is in .npmignore
Writing a mail to support#npmjs.com, but they replying always with some helpless default replies without any solution or intention to help.
It fails even on new elastic beanstalk instances.
I have no idea how to solve this problem.
EDIT: I've also tried to delete the npm cache while preinstall script, but it doesn't work either.
EDIT2: My repo has no package-lock.json.
EDIT3: My .npmrc file has the following content
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
unsafe-perm=true
package-lock=false
strict-ssl=false
EDIT4: I think it wasn't clear: It's a private package on the official npm registry. And it doesn't fail always. The current publish process includes several attempts to deploy on aws instance so long as it's succeed.

Have u try to delete package-lock.json?
OR
Try to delete npm and npm-cache folders
THEN
re-run npm install

Not exactly your case, but for those who run into the "integrity checksum failed" error the following might help. But first make sure you understand what's going on. npm tells you that the checksum from https://registry.npm.org doesn't match the one from package-lock.json. Either it changed in the registry, or...
Consider a line from the output:
npm ERR!
sha512-lQ...HA==
integrity checksum failed when using sha512: wanted
sha512-lQ...HA==
but got
sha512-nH...ow==
. (4835509 bytes)
Find the package in package-lock.json by the first two integrity checksums (sha512-lQ...HA==), and put the third one (sha512-nH...ow==) into its "integrity" field.
More on it here.

It seems to be a caching issue at the npm servers. We've switched from npm to GitHub packages, everything works fine there.

It could be that the version of NPM on these instances are out of date. Could you try either: npm install -g npm
Have you made sure that when this is deployed to beanstalk that the package-lock file is not on the instance? - If you have a bad lock file it needs to be deleted and re-generated.
Short of that, would need more information as you seem to have exhausted a lot of options.

This can happen if you request a version that is not available on the registry.
With #my-package#^1.2.0 you're requesting a version between >=1.2.0 and <2.0.0. Could it be that on this registry there is only a version that is older than 1.2.0 or newer than 2.0.0? Npm will install whatever it gets and not raise an error here.
You can check the version you get in an npm install by looking into node_modules/my-package/package.json.
If this is not happening when doing a local npm install, check wether the npm registry Amazon uses is containing your my-package package.
You could try to add the official npm registry to your Beanstalk project to check if it was the Amazon npm registry that did not contain your package. See How to use a private npm registry on Elastic Beanstalk? how to do this.

It seems to be a package-lock.json issue.
As in this answer
If you have not pushed package-lock.json in your repo, it will be generated while running npm install. So it is always better to add package-lock.json in the repo to avoid inconsistent package-lock.json files across local machine and deployment machine.
Could you please try pushing a fresh package-lock.json file to the repo and try?

In my case, as razki alludes to, the version of npm/node on the build server differed significantly from the version on the developer's local computer. Updating to a close enough version got rid of this problem.
For example:
The build server had: npm/6.13.4 node/v12.14.1
The developer has:    npm/6.14.8 node/v14.15.1.
The build server now: npm/6.14.10 node/v14.15.4
It seems the different versions calculate the sha differently for the same package. This is why removing the package-lock.json file can work in this particular situation - at least for a while, until the computer with the different version tries to build the project again.

Basically its concern about npm registery, Some home npm registery has been updated to another url.
You can run below command to see npm registery
npm config get registry
It should be set it
https://registry.npmjs.org/
If its not then run below command
npm config set registry https://registry.npmjs.org/
It will set npm registery. Now you can try again for
npm i
and it will install package successfully.

Related

Problem with the command "npm install fs"

I am not used to work with Linux, so maybe this is a silly question. In the lab that I am working on, I am asked to run the command "npm install fs" to read/write files.
But here is the error that i have and I don't know how to solve it, i couldn't find similar problems too.
PS: I am working on Ubuntu 17.10.
fs is a module that doesn't have to be installed. It comes part of node.js core so you only need to require it in your code.
Instead of running npm install fs --save, just add the following line in the file you're wanting to use it in:
const fs = require('fs');
Here are the docs: https://nodejs.dev/the-nodejs-fs-module
However, to address your question, the error message your receiving is likely due to the fact that:
You don't have a package.json in your project
You are not in the correct directory when running npm install ... and therefore it cannot find your package.json.
I believe your mistake is that you skipped the part where you initialize your npm repository (which generates your package.json).
To initialize an npm repo, do the following:
Navigate to your project root directory
Run npm init and follow the instructions if when prompted.

Can't authenticate to npm.fontawesome.com registry to install pro packages

I have configured my host globally as described in font awesome documentation
I am running the following:
npm config set "#fortawesome:registry" https://npm.fontawesome.com/
npm config set "//npm.fontawesome.com/:_authToken" "${NPM_FONT_AWESOME_AUTH_TOKEN}"
I have the following error:
npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="https://npm.fontawesome.com/"
I expect to authenticate.
If you access from a browser https://npm.fontawesome.com/ , you have a Basic auth, I am not sure what I should expect here as I have never tried before.
This happened recently, the configuration was working for year. Is it me or fontawesome server?
How to fix fontawesome npm authentication?
I am also got this same error!.. Below mentioned steps working for me...
Solutions
Step 1 : npm config delete "#fortawesome:registry" https://npm.fontawesome.com/
Step 2 : npm install / npm install <package_name>
or
otherwise add npm username & password.
I have the same problem because previously I have config with difference auth token, so I remove previous registry config using the command:
npm config delete "#fortawesome:registry"
FontAwesome does not keep your access active despite you have a license for one or more versions. The one way to get permanent access to your font awesome package is to host it on your own private registry or on a paid npm account.
Be aware that the provided files in direct download are not exactly the same as the npm package.
I advise fontawesome user to keep a copy of the distributed package to avoid checksum issue with lock files.
npm install in windows make two files npmrc i remove that line and solve problem!

How could the vue-cli-service crash because of the '#vue/cli-plugin-babel' module, if the node module is there?

Some background:
I started my project with a clone of this repository. Here's an example of the code. After some time, I realized that the vue-cli-service it used appeared to be old. (They even renamed it to '#vue/cli-service'). So, I ran npm update. The code has me use npm run serve to start the service. It's apparently equivalent to npx vue-cli-service serve. When I did that, it couldn't load some bootstrap stuff. I reinstalled bootstrap (npm install bootstrap#version (don't have access to the exact line I used). It then said it couldn't find '#vue/cli-plugin-babel'. I saw it right in the node_modules folder.
I fixed it using this process:
I ran npm update.
It first said that it could not find a font (no longer have the specific details). The error directed to the bootstrap.css file.
I reinstalled bootstrap.
I run npm run serve, and it says "Cannot find module '#vue/cli-plugin-babel'"
I see '#vue/cli-plugin-babel' showing in the node_modules folder
I run npm list --depth=0, and '#vue/cli-plugin-babel' does not show up.
I*’m seeing this
npm cache clean --force alone did not cause the site to resume. It still said “ Cannot find module '#vue/cli-plugin-babel'”.
Following the top SO answer here got my site to work again.
rm -rf node_modules/
npm cache clean (then replaced with npm cache verify on npm's prompt)
npm install (I wonder if it was possible to ignore ‘rm -rf node_modules/’ and just do the last two steps).
I run npm run serve, and the site works again.
After running npm list --depth=0 again, there are no more UNMET DEPENDENCY issues, like with #6.
Also on that SO Q&A, people talked about restructuring (reordering) the package.json file. In the top answer he says that a possible solution is to “Re-structure your package.json. Place all the high-level modules (serves as a dependency for others modules) at the bottom.”. I wonder if that relates to my issue.
My expected vs. actual results:
When I updated it, I actually sort of expected it to break. I got that.
But what I also expected was:
If the node module is there, it will not give me an error.
If I run npm install, all dependencies will be handled automatically.
If npm install doesn't do the trick, then npm cache clean --force should do the trick. (Note: I later learned about npm cache verify).
I got:
The '#vue/cli-plugin-babel' module was there and it gave an error saying it couldn't find it.
(And also 3.) Running npm install and npm install [unmet-dependency] did not work until after 'rm -rf node_modules/' -> `npm verify cache' and THEN -> 'npm install'.
Here are my guesses:
#vue/cli service doesn’t check the folders directly to see if a module exists (75% chance it’s true)
#vue/cli service uses a proxy, something like the packages.json file (but different) to see if a node exists (40%).
#vue/cli service caches commonly used stuff. So, when I ran it again after the update, it didn’t check the new stuff in my folder, it checked its cache. It didn’t line up. (10%).
For everything above, replace #vue/cli service with npm (10%).
Again, my biggest question is "How could the vue-cli-service crash because of the '#vue/cli-plugin-babel' module, if the node module is there?"
And "How did removing the node_modules folder, verifying the cache, and reinstalling with npm cause npx vue-cli-service serve to successfully run my site again (and find #vue/vue-plugin-babel)?".

`npm install` is not installing local package's sub-dependencies

I have a package (package-a) that depends on another package (package-b) which is not published to npm but is on my file system. When I run npm install from package-a, package-b's dependencies are not installed. I have to navigate to package-b's directory and run npm install manually. Is there a way to install both packages' dependencies with a single npm command?
Here's my directory structure:
/
...
shared/
...
javascript/
...
package-b/
package.json
package-a/
package.json
Per the docs, I placed the following in package-a/package.json. (I'm using npm 5+)
dependencies: {
package-b: "file:../shared/javascript/package-b",
}
When I navigate to /package-a and run npm install, it installs all of package-a's dependencies like normal and also copies the package-b directory to package-a/node_modules. This is presumably what lets me type require('package-b') instead of require('../shared/javascript/package-b') .
However, as I stated before, package-bs dependencies are not installed, so if I try to use package-a, I get an error when package-b is required because it is trying to use dependencies that do not exist locally.
Once again, to solve this, I can navigate to package-b and run npm-install, but I'm hoping there's a better solution as I may have many such sub packages and I'd like to avoid having to write a shell script to go install all my dependencies if I can do this with an npm command. (perhaps I just did something wrong and npm install should be working?)
Follow up question: when I run npm install from package-b's directory, the packages are installed there, but not in the version of package-b that got copied to /package-a/node_modules during the first npm install, yet everything still works. So now it seems like when I require('package-b') it is actually resolving to /shared/javascript/package-b and NOT /package-a/node_modules/package-b. So what's the point of copying the file in the first place?
Update
It turns out this is a bug in npm 5. It only occurrs when installing from a package-lock.json file. (Github Issue)
The files are (probably) not being copied, they're being symbolically linked (symlink). This essentially creates an alias/shortcut that looks like a real directory, but points to another path.
This is how the older npm link feature worked. The reason is the code stays "live"; Changes in the linked module are reflected whenever you run the module that's referencing them, meaning you don't have to npm update all the time.

Using specific version of npm shrinkwrap

I am deploying my node.js app to Appfog but since their install script cannot parse npm-shrinkwrap.json the whole deploy process fails.
An example dependency in shrinkwrap.json today looks like this
"async": {
"version": "0.2.10",
"from": "async#0.2.10", <--- This line breaks install script at appfog
"resolved": "https://registry.npmjs.org/async/-/async-0.2.10.tgz"
},
I went through the whole shrinkwrap file and removed the "from" part from each dependency declaration and i managed to upload my application, and it works.
So my question is , how do i use an older version of npm shrinkwrap so i can get the version of shrinkwrap.json that i need?
Appfog support told me i need to use version 1.1.21 but i have not succeeded in installing it.
Please ask if some info is missing.
if you just want to use an older version of npm, you can install it via npm (i know that sounds strange, but its possible)
npm install npm#1.1.21
edit: so you try to install a version of npm which does not exist. just run
npm view npm
and take a look at the property version, to see which versions you could install via npm.
you will see that 1.1.21 does not exist in the registry, which means that you should try to install it via github (see answer by #sakai).
but then you see the next problem. you are using node#0.10.26, and npm 1.1.21 is probably not compatible with node#0.10.x.
so i for myself see basically 2 possible solutions:
Solution 1:
use n (or maybe nvm for switching node-versions back and forth. you could try to install a node#0.8.x version and try to install npm#1.1.21 there, and when done with shrinkwrapping switch back to your current node version.
Solution 2
you could setup some kind of grunt/gulp-task (i hope you use one of them) to run grunt/gulp shrinkwrap, which generates your shrinkwrap.json (via npm shrinkwrap) and when done cleans up your shrinkwrap.json
Try this:
npm install https://github.com/npm/npm/archive/v1.1.21.tar.gz
node ./node_modules/npm/bin/npm-cli.js shrinkwrap
Another—possibly simpler—solution is to just include node_modules into your repo.
Related: Should I check in node_modules to git when creating a node.js app on Heroku?

Categories