Affects Version/s: 6.9.5
Fix Version/s: None
When doing an npm install from our Artifactory server we get checksum errors, e.g.
npm ERR! code EINTEGRITY
npm ERR! sha-XXXX integrity checksum failed when using sha1: wanted sha1-XXXX but got sha512-YYYY
I am pretty sure this is due to the following:
- user uploads a package such as 'email@example.com' to artifactory by uploading a file called vfile-message.tar.gz via the Artifactory Web UI
- at a later date, a user uploads a different module, with the same name and the same version number but in a different scope, e.g. '@firstname.lastname@example.org'. The file that is uploaded is also named vfile-message.tar.gz
- when doing an npm install for vfile-message we download the wrong package and get the shasum fror @types/vfile-message from Artifactory
I would happily provide more accurate steps to recreate if I could get a copy of Artifactory with npm support in which to use, ideally as a Docker container. Unfortunately I don't think this can be done with the OSS docker image.