Why did package-lock.json change the integrity hash from sha1 to sha512?

后端未结

关注

 7  936

日久生厌 2021-01-31 23:50

I just generated a new npm lockfile, package-lock.json, as part of my typical workflow. But I noticed that this time all of the integrity hashes have been changed from sha1 to s

7条回答

一生所求 (楼主)

2021-02-01 00:31
I'm working in big team. Forcing every developer to force clean npm cache is difficult and not reliable. Also, this doesn't help every time. So, for anyone who still facing this npm issue (same as me) and nothing else helps – try this git based tool I've built recently: https://github.com/kopach/lockfix. It reverts sha512 -> sha1 integrity changes of npm's lock files. If you add this to your postshrinkwrap script of package.json - you should eventually get all integrity properties set to sha512 and have lock file consistent.
```
npm install --save-dev lockfix
```
```
"scripts": {
    "postshrinkwrap": "lockfix",
},
```
0 讨论(0)

查看其它7个回答
发布评论:

提交评论
- 加载中...