Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-20509

Checksum issue with npm modules, likely due to incorrect handling of scoped modules

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: 6.9.5
    • Fix Version/s: None
    • Component/s: NPM
    • Labels:
      None

      Description

      When doing an npm install from our Artifactory server we get checksum errors, e.g.

      npm ERR! code EINTEGRITY

      npm ERR! sha-XXXX integrity checksum failed when using sha1: wanted sha1-XXXX but got sha512-YYYY

      I am pretty sure this is due to the following:

      • user uploads a package such as 'vfile-message@1.0.1' to artifactory by uploading a file called vfile-message.tar.gz via the Artifactory Web UI
      • at a later date, a user uploads a different module, with the same name and the same version number but in a different scope, e.g.  '@types/vfile-message@1.0.1'. The file that is uploaded is also named vfile-message.tar.gz
      • when doing an npm install for  vfile-message we download the wrong package and get the shasum fror @types/vfile-message from Artifactory

      I would happily provide more accurate steps to recreate if I could get a copy of Artifactory with npm support in which to use, ideally as a Docker container. Unfortunately I don't think this can be done with the OSS docker image.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              penx Alasdair McLeay
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: