TARBALL_INTEGRITY failing when installing package spdx-correct #3188
Comments
This checksum is the checksum of the 3.1.0 version of spdx-correct: I don't understand why your lockfile has it for the 3.1.1 version. Was there a merge conflict in the lockfile that was resolved incorrectly?
Sorry, I missed the notification. Merge conflict is not an issue, since this is the first time I am updating the repo to use PNPM. We were using NPM previously. Could it happen for any odd reason where importing of existing lockfile fails?
Were you using the `pnpm import` command?
Sri Harsha Chilakapati <notifications@github.com> wrote (on Sat, Feb 27, 2021, 15:51):
… Sorry, I missed the notification. Merge conflict is not an issue, since
this is the first time I am updating the repo to use PNPM. We were using
NPM previously. Could it happen for any odd reason where importing of
existing lockfile fails?
No, I was just trying to do
We've been experiencing similar symptoms in our big monorepo. The case is that sometimes after a package version update, PNPM seems to resolve a package from the local @sriharshachilakapati - check your @zkochan - I can't really come up with a reproduction case for this one, because it happens transiently, and when it happens, it's already too late. But what we've seen is that sometimes, after updating a package version, the Local installs will succeed (however, installing the old package contents AS IF it was the new package, fairly dangerous) and remote installs will break with the same errors like above, because the remote would actually download the new version's bundle, and fail because the integrity actually checks for the old version. Do you have any leads on the topic, why this could happen, or how we could support investigation?
@shellscape in your case (#3137), did your package have the
Were any of you using
I have found a potential issue: fac8480 But I think it would only break with
Yes, we usually use
I have done a change that might fix the issue, so try and see if it still reproduces with pnpm@5.18.4
🚢 5.18.5
I'm having a similar issue. The only difference is that for me, both checksums are equal, so don't know why it's failing.
There are differences between the two. Pay attention to the capital letters and lowercase letters too.
Oh, you are right. My bad! After updating to the latest version the problem is gone.
I'm getting this message when trying to install the spdx-correct package.
I'm on macOS Big Sur, and node version is 14.16.0 LTS. Using latest PNPM.
I also raised this at the package's repository at jslicense/spdx-correct.js#35 but the author thinks this is an issue of PNPM and not of spdx-correct.
Weirdly, it is working with NPM though, no warnings or errors. Any idea what is going wrong?
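The mismatch discussed in this thread can be checked by hand, shown here as an added example that is not code from the issue or from pnpm: it recomputes a tarball's digest and compares it with a lockfile integrity value, and it locates the first character where two similar-looking checksums differ. It assumes a single `sha512-<base64>` style integrity string; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac

ALGOS = ("sha256", "sha384", "sha512")


def sri_for(data: bytes, algo: str = "sha512") -> str:
    """Build an '<algo>-<base64 digest>' integrity string for raw tarball bytes."""
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def tarball_matches(data: bytes, integrity: str) -> bool:
    """Recompute the digest of the bytes actually received and compare."""
    algo, _, b64 = integrity.strip().partition("-")
    if algo not in ALGOS or not b64:
        raise ValueError(f"unsupported integrity value: {integrity!r}")
    expected = base64.b64decode(b64, validate=True)
    return hmac.compare_digest(hashlib.new(algo, data).digest(), expected)


def first_difference(a: str, b: str):
    """Index of the first differing character (case-sensitive), or None if equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def flip_first_letter_case(integrity: str) -> str:
    """Constructed near-miss: swap the case of one letter after the 7-char prefix."""
    i = next(i for i, ch in enumerate(integrity) if i > 6 and ch.isalpha())
    return integrity[:i] + integrity[i].swapcase() + integrity[i + 1:]


# Constructed stand-ins for the two published tarballs (not real package bytes).
OLD_TARBALL = b"constructed bytes standing in for the 3.1.0 tarball"
NEW_TARBALL = b"constructed bytes standing in for the 3.1.1 tarball"
# Lockfile entry for 3.1.1 that wrongly carries the 3.1.0 checksum.
STALE_INTEGRITY = sri_for(OLD_TARBALL)

if __name__ == "__main__":
    print("cached old bytes pass :", tarball_matches(OLD_TARBALL, STALE_INTEGRITY))
    print("fresh download passes :", tarball_matches(NEW_TARBALL, STALE_INTEGRITY))
    near_miss = flip_first_letter_case(sri_for(NEW_TARBALL))
    print("first differing index :", first_difference(sri_for(NEW_TARBALL), near_miss))
    print("near-miss passes      :", tarball_matches(NEW_TARBALL, near_miss))
```

A stale entry that still verifies against cached bytes means the old contents are being installed under the new version number, so a passing local install is not evidence that the lockfile is correct.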