The EINTEGRITY error occurs when npm detects a mismatch between the SHA-512 integrity hash of a downloaded package and the expected hash stored in package-lock.json. npm uses cryptographic hashing to verify that downloaded packages haven't been corrupted or tampered with.
The EINTEGRITY error occurs when npm detects a mismatch between the SHA-512 integrity hash of a downloaded package and the expected hash stored in package-lock.json. npm uses cryptographic hashing to verify that downloaded packages haven't been corrupted or tampered with. When the calculated hash doesn't match the stored hash, npm refuses to proceed to protect your system from potentially compromised or corrupted packages. This is a security feature designed to ensure package integrity and detect tampering or corruption during download.
Run npm cache verify to check and repair npm's local cache. This command performs garbage collection and verifies the integrity of cached data:
npm cache verifyThis works for many users as a quick fix.
If cache verify doesn't work, force clear the entire npm cache and reinstall:
npm cache clean --force
npm installThis removes all cached packages and downloads fresh copies from the registry.
Remove both package-lock.json and node_modules directory, clear cache, and run a fresh install:
rm -rf node_modules package-lock.json
npm cache clean --force
npm cache verify
npm installThis regenerates the lock file with current npm checksums and eliminates compatibility issues.
Update npm itself to the latest version before reinstalling. Newer npm versions have better cache handling:
npm install -g npm@latest
npm installCheck that your internet connection is stable. Try switching networks (e.g., from WiFi to mobile data) to rule out ISP/firewall blocking.
If using a corporate proxy, ensure npm is properly configured:
npm config set proxy http://proxyhost:port
npm config set https-proxy http://proxyhost:portIf you're using a custom or private registry, reset to the official npm registry:
npm config set registry https://registry.npmjs.org/
npm installThis eliminates registry-side checksum issues.
If all else fails, some users have success switching to yarn, which has different cache and integrity verification mechanisms:
npm install -g yarn
rm -rf node_modules package-lock.json
yarn installSHA-1 vs SHA-512 Transition: npm changed its integrity checksum algorithm from SHA-1 to SHA-512 starting with npm v5. If your package-lock.json was generated with an older npm version, it will contain SHA-1 hashes while newer npm expects SHA-512. Regenerating the lock file fixes this.
Private Registry Complications: When using Verdaccio, Artifactory, or other private npm registries/proxies, they may regenerate checksums differently than the public npm registry. Clearing the private registry's cache may be necessary.
Cache Self-Healing: As of npm@5, the npm cache is designed to self-heal from corruption by treating integrity mismatches as cache misses and re-downloading packages.
Corporate Environments: Proxy servers, firewalls, and HTTP interception (SSL inspection) in corporate environments can modify or corrupt packages in transit.
System Clock Issues: Significant system clock skew can cause signature verification to fail. Ensure your system time is synchronized with NTP.
npm ERR! code ENOAUDIT npm ERR! Audit endpoint not supported
How to fix "npm ERR! code ENOAUDIT - Audit endpoint not supported"
npm ERR! code EBADDEVENGINES npm ERR! devEngines.runtime incompatible with current node version
How to fix "npm ERR! code EBADDEVENGINES - devEngines.runtime incompatible with current node version"
npm ERR! code ETOOMANYARGS npm ERR! Too many arguments
How to fix "npm ERR! code ETOOMANYARGS - Too many arguments"
npm ERR! code EINVALIDTAGNAME npm ERR! Invalid tag name: tag names cannot contain spaces
How to fix "npm ERR! code EINVALIDTAGNAME - tag names cannot contain spaces"
npm ERR! code E400 npm ERR! 400 Bad Request
How to fix "npm ERR! code E400 - 400 Bad Request" error