The EINTEGRITY error occurs when npm detects a mismatch between the SHA-512 integrity hash of a downloaded package and the expected hash stored in package-lock.json. npm uses cryptographic hashing to verify that downloaded packages haven't been corrupted or tampered with.
The EINTEGRITY error occurs when npm detects a mismatch between the SHA-512 integrity hash of a downloaded package and the expected hash stored in package-lock.json. npm uses cryptographic hashing to verify that downloaded packages haven't been corrupted or tampered with. When the calculated hash doesn't match the stored hash, npm refuses to proceed to protect your system from potentially compromised or corrupted packages. This is a security feature designed to ensure package integrity and detect tampering or corruption during download.
Run npm cache verify to check and repair npm's local cache. This command performs garbage collection and verifies the integrity of cached data:
npm cache verifyThis works for many users as a quick fix.
If cache verify doesn't work, force clear the entire npm cache and reinstall:
npm cache clean --force
npm installThis removes all cached packages and downloads fresh copies from the registry.
Remove both package-lock.json and node_modules directory, clear cache, and run a fresh install:
rm -rf node_modules package-lock.json
npm cache clean --force
npm cache verify
npm installThis regenerates the lock file with current npm checksums and eliminates compatibility issues.
Update npm itself to the latest version before reinstalling. Newer npm versions have better cache handling:
npm install -g npm@latest
npm installCheck that your internet connection is stable. Try switching networks (e.g., from WiFi to mobile data) to rule out ISP/firewall blocking.
If using a corporate proxy, ensure npm is properly configured:
npm config set proxy http://proxyhost:port
npm config set https-proxy http://proxyhost:portIf you're using a custom or private registry, reset to the official npm registry:
npm config set registry https://registry.npmjs.org/
npm installThis eliminates registry-side checksum issues.
If all else fails, some users have success switching to yarn, which has different cache and integrity verification mechanisms:
npm install -g yarn
rm -rf node_modules package-lock.json
yarn installSHA-1 vs SHA-512 Transition: npm changed its integrity checksum algorithm from SHA-1 to SHA-512 starting with npm v5. If your package-lock.json was generated with an older npm version, it will contain SHA-1 hashes while newer npm expects SHA-512. Regenerating the lock file fixes this.
Private Registry Complications: When using Verdaccio, Artifactory, or other private npm registries/proxies, they may regenerate checksums differently than the public npm registry. Clearing the private registry's cache may be necessary.
Cache Self-Healing: As of npm@5, the npm cache is designed to self-heal from corruption by treating integrity mismatches as cache misses and re-downloading packages.
Corporate Environments: Proxy servers, firewalls, and HTTP interception (SSL inspection) in corporate environments can modify or corrupt packages in transit.
System Clock Issues: Significant system clock skew can cause signature verification to fail. Ensure your system time is synchronized with NTP.
npm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm
npm error code E403 npm error 403 Forbidden - PUT https://registry.npmjs.org/<package>
How to fix 'E403 Forbidden' error in npm
npm ERR! code EUSAGE npm ERR! Usage error
How to fix "npm ERR! code EUSAGE" in Node.js projects
npm ERR! code E401 npm ERR! 401 Unauthorized
How to fix "E401 Unauthorized" in npm