The EINTEGRITY error occurs when the downloaded package's SHA checksum doesn't match the expected value in package-lock.json. This security feature prevents installation of tampered or corrupted packages.
This error is a security feature. npm compares the SHA-512 checksum of downloaded packages against the integrity hash stored in package-lock.json. When they don't match, npm aborts installation to prevent potentially compromised packages from being installed. The mismatch can occur due to cache corruption, registry issues, or different npm versions using different hash algorithms (SHA1 vs SHA512).
Start with the least destructive fix:
npm cache verify
This garbage collects corrupted data and verifies cache integrity. Try npm install again after.
If verify doesn't fix it, clean everything:
# Remove local state
rm -rf node_modules package-lock.json
# Clear npm cache
npm cache clean --force
# Verify cache is clean
npm cache verify
# Reinstall (regenerates lock file)
npm install
Ensure consistent checksum algorithms:
npm install -g npm@latest
# Then reinstall project
rm -rf node_modules package-lock.json
npm cache clean --force
npm install
npm v5 used SHA1, newer versions use SHA512. Upgrading ensures compatibility.
If the lock file is corrupted, restore from a known-good state:
# From previous commit
git checkout HEAD~1 -- package-lock.json
# Or from main branch
git checkout main -- package-lock.json
# Then clean and install
npm cache clean --force
npm install
If one package fails and you can identify the correct hash from the error:
The error shows "expected X but got Y". Open package-lock.json and find the failing package:
{
  "packages": {
    "node_modules/failing-package": {
      "integrity": "sha512-REPLACE_WITH_GOT_VALUE"
    }
  }
}
Replace the integrity value with the "but got" value, then run:
npm cache clean --force
npm install
For CI environments, npm ci is more reliable:
# GitHub Actions
- name: Install dependencies
  run: npm ci
npm ci strictly validates against the lock file but handles integrity verification more gracefully in CI environments.
The EINTEGRITY error is a security feature—it prevents supply chain attacks where a package might be replaced with malicious code.
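The comparison described above, and a way to decide whether the "but got" value is safe to write into package-lock.json, as an added example (not npm's own code). The function names are hypothetical, and it assumes you hold a reference integrity string obtained independently of the failed download, for example from `npm view <name>@<version> dist.integrity`.

```javascript
// Added example: function names and sample data are constructed for illustration.
const crypto = require('node:crypto');

// Strongest first. Old lock files may carry sha1, current ones sha512.
const PREFERENCE = ['sha512', 'sha384', 'sha256', 'sha1'];

// Split an SRI string ("algo-base64 [algo-base64 ...]") into its entries.
function parseIntegrity(integrity) {
  return integrity.trim().split(/\s+/).map((entry) => {
    const dash = entry.indexOf('-');
    if (dash < 1) throw new Error(`malformed integrity entry: ${entry}`);
    return { algorithm: entry.slice(0, dash), digest: entry.slice(dash + 1) };
  });
}

// Compute the SRI string for raw tarball bytes.
function sriFor(algorithm, bytes) {
  const digest = crypto.createHash(algorithm).update(bytes).digest('base64');
  return `${algorithm}-${digest}`;
}

// Verify bytes against an integrity string using the strongest listed algorithm.
function checkIntegrity(integrity, bytes) {
  const entries = parseIntegrity(integrity)
    .filter((e) => PREFERENCE.includes(e.algorithm));
  if (entries.length === 0) throw new Error('no supported hash algorithm');
  const rank = (e) => PREFERENCE.indexOf(e.algorithm);
  const algorithm = entries.reduce((a, b) => (rank(b) < rank(a) ? b : a)).algorithm;
  const got = sriFor(algorithm, bytes);
  const ok = entries.some((e) => `${e.algorithm}-${e.digest}` === got);
  return { ok, algorithm, got };
}

// Decide what an EINTEGRITY mismatch means before touching package-lock.json.
// referenceIntegrity must come from a source independent of the failed download.
function triage(lockIntegrity, referenceIntegrity, bytes) {
  if (checkIntegrity(lockIntegrity, bytes).ok) return 'lock-matches';
  if (checkIntegrity(referenceIntegrity, bytes).ok) return 'lock-stale-safe-to-update';
  return 'download-untrusted-keep-lock';
}

// Constructed sample: stand-ins for a tarball and an altered copy of it.
const tarball = Buffer.from('constructed package tarball');
const altered = Buffer.from('constructed package tarball, altered');
console.log(triage(sriFor('sha512', tarball), sriFor('sha512', tarball), altered));
```

Only the 'lock-stale-safe-to-update' outcome justifies editing the lock file by hand; if the downloaded bytes match neither the lock nor the reference, clear the cache and fetch again instead.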
For team consistency:
- All team members should use the same npm version
- Add .nvmrc file to specify Node version
- Always commit package-lock.json
- Use npm ci in CI/CD instead of npm install
If using multiple registries (public + private), ensure package-lock.json was generated with the same registry configuration. Switching registries requires regenerating the lock file.