Npm ERR code EINTEGRITY sha512 on npm install on jitsi-meet web

hmm… what gives on your build system:

wget https://codeload.github.com/jitsi/react-native/tar.gz/891986ec5ecaef65d1c8a7fe472f86cf84fe7551 
openssl dgst -sha512 -binary 891986ec5ecaef65d1c8a7fe472f86cf84fe7551| openssl base64 -A

if you get something different from:

XyTjnR3KN1Hsq0ftnn8j/1XivNTHpP4tPmH/Dik1Pw/3tC2azv8cWsVtP+qJQU0XZ4WFGq7B9KMuiYyehr73aA==

please report.

else run

tar -zxf 891986ec5ecaef65d1c8a7fe472f86cf84fe7551
cd react-native-891986ec5ecaef65d1c8a7fe472f86cf84fe7551

then you need to run

npm pack

but before doing it, ensure that the ‘npm’ you will use is the proper one (which npm)
you should get a file named react-native-0.61.5-jitsi.2.tgz
then run

openssl dgst -sha512 -binary react-native-0.61.5-jitsi.2.tgz  | openssl base64 -A

this is AFAICT what is doing npm to check archive integrity against package-lock.json.
You should get

VYzZHHsE6JV0igL/UV6i52yNiiWPkHdJIIQmUvKafLs2Np02vMlV05fYtlP6F/tF+BGn/lwZtDIc3VAIv+CxSA==

Hope this helps somewhat.

Perhaps try running make compile in the same directory instead of make? See if that helps.

I have been running into similar problems with the latest unstable releases. The latest stable works without issue. See my post from 10 days ago. ‘npm install’ fails due to invalid key? - Install & Config - Jitsi Community Forum - developers & users

This is caused by a bug in NPM. For Git dependencies (which jitsi-meet uses several of), it implements the checksum by taring up the checked out repository, compressing it, and then taking the checksum of the result.

The problem is that compression (e.g. gzip) is not guaranteed to give identical results on different architectures. So for example if you compress the same file on an arm64 machine (such as Apple M1) you may not get the same bytes as if you compress it on an x86-64 machine (but both files would still decompress to the same bytes).

You can work around it by removing the checksums from Git dependencies in the package-lock.json before running npm install. This is fairly safe because the Git deps are specified with commit hashes anyway, so Git’s hashing is ensuring the content hasn’t been modified.

perl -pi -e '$_="" if /"integrity":/ and $p=~/"(resolved|version)": "git\+ssh:/; $p=$_' package-lock.json
3 Likes

What worked for me was updating Ubuntu and deleting package-lock.json.

2 Likes

I just ran into a similar issue and deleting my package-lock.json then re-running npm install worked for me as well. Thanks for posting! Finding this was extremely helpful!

Would it make sense to include this upstream? At least when there is a new release. Then it would not have to be done on every clone of the repo.

There is a difference whether you install npm from brew or directly from nodejs.org.