Disable integrity check for local dependency in package-lock.json

Time:11-09

How can I disable the integrity check for a local dependency in package-lock.json?

In my repository, I have a base library as well as two Angular apps which both use my base library as a dependency.

Unfortunately, the integrity sha512 of the base library is different with every build, and npm fails installing the dependencies.

This is what it outputs:

npm ERR! code EINTEGRITY
npm ERR! Verification failed while extracting @me/base-library@file:../lib/me-base-library-1.0.0.tgz:
npm ERR! Verification failed while extracting @me/base-library@file:../lib/me-base-library-1.0.0.tgz:
npm ERR! Integrity check failed:
npm ERR!   Wanted: sha512-(...)
npm ERR!    Found: sha512-(...)

Excerpt from "package-lock.json":

"@me/base-library": {
  "version": "file:../lib/me-base-library-1.0.0.tgz",
  "integrity": "sha512-(...)" // <- different with every build
}

Is there any way to disable integrity checks for local dependencies?

CodePudding user response:

I'm not sure such a possibility exists – basically, it would be a switch to toggle security issues on.

To fix this issue without introducing security issues, you could re-install the package again, which should update the value of integrity:

npm install file:../lib/me-base-library-1.0.0.tgz

To automate this, you can create an npm script:

{
  "scripts": {
    "update-base": "npm install file:../lib/me-base-library-1.0.0.tgz"
  }
}

npm run update-base
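
A pre-install check for the mismatch discussed in this thread, as an added example that is not part of the original question or answers: it recomputes the SRI hash of each local tarball named in package-lock.json and reports entries whose pinned value no longer matches, so the lockfile can be refreshed deliberately rather than the check being switched off. The names findMismatches, localTarballEntries and readTarball are chosen for illustration, the sample bytes are constructed, and reading the "packages" map of newer lockfiles goes beyond the layout quoted in the question.

```javascript
// Added example, not code from the thread. Sample data is constructed.
const crypto = require("crypto");
const fs = require("fs");

const ALGOS = ["sha512", "sha384", "sha256", "sha1"];

// npm records integrity as an SRI string: "<algo>-<base64 digest of the tarball>".
function sri(bytes, algo = "sha512") {
  return `${algo}-${crypto.createHash(algo).update(bytes).digest("base64")}`;
}

// Collect lockfile entries that point at a local tarball ("file:...tgz").
function localTarballEntries(lock) {
  const found = [];
  const visit = (name, entry) => {
    if (!entry || typeof entry !== "object") return;
    // The layout quoted in the question keeps the spec in "version";
    // the "packages" map of newer lockfiles keeps it in "resolved".
    const spec = [entry.resolved, entry.version].find(
      (s) => typeof s === "string" && s.startsWith("file:") && s.endsWith(".tgz"));
    if (spec) found.push({ name, path: spec.slice(5), integrity: entry.integrity });
    for (const [n, e] of Object.entries(entry.dependencies || {})) visit(n, e);
  };
  for (const [n, e] of Object.entries(lock.dependencies || {})) visit(n, e);
  for (const [n, e] of Object.entries(lock.packages || {})) visit(n, e);
  return found;
}

// Return one record per entry whose pinned hash does not match the file on disk.
function findMismatches(lock, readTarball = (p) => fs.readFileSync(p)) {
  const out = [];
  for (const e of localTarballEntries(lock)) {
    const bytes = readTarball(e.path);
    const pinned = (e.integrity || "").split(/\s+/).filter(Boolean);
    const ok = pinned.some((h) => {
      const algo = h.split("-")[0];
      return ALGOS.includes(algo) && sri(bytes, algo) === h;
    });
    if (!ok) out.push({ name: e.name, path: e.path, wanted: e.integrity, found: sri(bytes) });
  }
  return out;
}

// Constructed stand-ins for two builds of the same library version.
const buildA = Buffer.from("constructed tarball bytes, build A");
const buildB = Buffer.from("constructed tarball bytes, build B");
const sampleLock = { dependencies: { "@me/base-library": {
  version: "file:../lib/me-base-library-1.0.0.tgz", integrity: sri(buildA) } } };
console.log(findMismatches(sampleLock, () => buildB));
```

With the default reader, paths are resolved against the current working directory, so run it from the directory that holds package-lock.json.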

CodePudding user response:

I could fix the issue by referencing the directory of my library instead of the TGZ file. npm and yarn (both tested) do not generate integrity hashes for folders, only for files. In the package.json files of my Angular apps, I have just changed "@me/base-library": "file:../lib/me-base-library-1.0.0.tgz" into "@me/base-library": "file:../lib".

Additionally, I had to add some properties to the package.json file of base library:

  "main": "lib/bundles/me-base-library.umd.js",
  "module": "lib/fesm2015/me-base-library.js",
  "es2015": "lib/fesm2015/me-base-library.js",
  "esm2015": "lib/esm2015/me-base-library.js",
  "fesm2015": "lib/fesm2015/me-base-library.js",
  "typings": "lib/me-base-library.d.ts"