npm ERR! code EINTEGRITY

Quick Fix (Most Common Solution)

Seeing "npm ERR! code EINTEGRITY"? This error can be frustrating, but it's usually fixable. It typically affects your development workflow or system. Below you'll find clear, step-by-step solutions to resolve this issue.

What This Error Means

The downloaded package does not match the expected checksum in package-lock.json.

Common Causes
  • Corrupted npm cache
  • Network issues during download
  • Modified package-lock.json

How to Fix
  1. Run npm cache clean --force
  2. Delete package-lock.json and reinstall
  3. Check network connection stability

Last reviewed: March 2026

Why This Happens

EINTEGRITY fires when the SHA-512 hash of a downloaded package tarball does not match the hash recorded in your package-lock.json. npm uses Subresource Integrity (SRI) hashes to verify that packages have not been tampered with between the time your lockfile was generated and the time they are downloaded. This is a critical security feature: it prevents supply chain attacks where an attacker replaces a legitimate package tarball with a malicious one on the registry.

The most common benign cause is a stale npm cache: if a cached tarball was corrupted (disk error, interrupted download, or partial write), its hash will not match the expected value. The second most common cause is a lockfile mismatch: if your lockfile was generated against one registry (e.g., the public npm registry) and you install against a different registry (a corporate proxy), the proxy may serve a slightly different tarball with different metadata, changing the hash.

Less commonly, EINTEGRITY can appear after a package author unpublishes and republishes the same version with different contents, though npm explicitly blocks this for the public registry. In a genuine security event, this error is your first warning that something in the supply chain may have been compromised.
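
The comparison described above, as an added example that is not npm's own code: it computes the SRI string for a tarball's bytes and checks it against a lockfile integrity value. The tarball bytes, the lockfile entry and the function names are constructed for illustration.

```javascript
// Added example (not npm's own code): SRI check of tarball bytes against a
// lockfile "integrity" value, the comparison that fails with EINTEGRITY.
const crypto = require('crypto');

const STRENGTH = ['sha512', 'sha384', 'sha256', 'sha1']; // strongest first

// Split an SRI string such as "sha1-... sha512-..." into { algo, digest } parts.
function parseSri(integrity) {
  return String(integrity || '').trim().split(/\s+/).filter(Boolean)
    .map((entry) => {
      const dash = entry.indexOf('-');
      return { algo: entry.slice(0, dash), digest: entry.slice(dash + 1) };
    })
    .filter((e) => STRENGTH.includes(e.algo));
}

// SRI form of a digest: "<algo>-<base64 of the raw hash>".
function sriOf(bytes, algo = 'sha512') {
  return `${algo}-${crypto.createHash(algo).update(bytes).digest('base64')}`;
}

// Check bytes against the strongest algorithm the lockfile entry offers.
function verifyTarball(bytes, integrity) {
  const parts = parseSri(integrity);
  if (parts.length === 0) return { ok: false, reason: 'no supported hash' };
  const best = STRENGTH.find((a) => parts.some((p) => p.algo === a));
  const wanted = parts.filter((p) => p.algo === best).map((p) => `${best}-${p.digest}`);
  const got = sriOf(bytes, best);
  return wanted.includes(got)
    ? { ok: true, algo: best }
    : { ok: false, reason: 'EINTEGRITY', wanted: wanted[0], got };
}

// Constructed stand-in for tarball bytes and for the lockfile entry pinning them.
const tarball = Buffer.from('constructed sample standing in for example-pkg-1.0.0.tgz');
const lockEntry = { integrity: `${sriOf(tarball, 'sha1')} ${sriOf(tarball)}` };

// An interrupted download leaves a truncated file behind.
const truncated = tarball.subarray(0, tarball.length - 5);

console.log(verifyTarball(tarball, lockEntry.integrity));
console.log(verifyTarball(truncated, lockEntry.integrity));
```

A single missing byte changes the whole digest, which is why a partial write and a replaced tarball look identical to this check.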

Quick Diagnostic Checklist
  1. Clear the npm cache: npm cache clean --force
  2. Delete node_modules and package-lock.json, then npm install
  3. Verify you are using the same registry that generated the lockfile
  4. Check if a corporate proxy (Artifactory, Nexus) is modifying tarballs
  5. Run npm cache verify to check for corrupted cache entries

Fixing EINTEGRITY checksum mismatch
# Error output:
# npm ERR! code EINTEGRITY
# npm ERR! sha512-abc123...def456 integrity checksum failed when using sha512:
# npm ERR! wanted sha512-abc123...def456 but got sha512-xyz789...uvw012
# npm ERR! for tarball /home/user/.npm/_cacache/content-v2/sha512/ab/c1/...

# Step 1: Clear the corrupted cache
$ npm cache clean --force
# Cache cleared successfully

# Step 2: Remove node_modules and lockfile
$ rm -rf node_modules package-lock.json

# Step 3: Fresh install (regenerates the lockfile with hashes of whatever the registry serves now, so review the lockfile diff)
$ npm install

# If the error persists after cache clear:
# Step 4: Check your registry configuration
$ npm config get registry
# https://registry.npmjs.org/   <-- Should match lockfile

# Step 5: Verify cache integrity
$ npm cache verify
# Verified contents: 1523 entries
# Finished in 4.2s

# Step 6: If using a corporate proxy, bypass it temporarily
$ npm install --registry=https://registry.npmjs.org/
# If this works, the proxy is modifying tarballs

Edge Cases & Unusual Scenarios

Artifactory rewriting package metadata

Some Artifactory configurations rewrite package.json inside tarballs to add internal metadata. This changes the tarball hash and breaks SRI verification. Configure Artifactory to pass through tarballs unmodified, or regenerate your lockfile against the Artifactory registry.
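
One way to see which registry a lockfile was generated against, as an added example that is not npm's or Artifactory's own code: it lists lockfile entries whose resolved origin differs from the registry you install from, plus registry tarballs that carry no integrity value. It assumes the lockfileVersion 2/3 "packages" layout; the package names, hosts and hashes are constructed placeholders.

```javascript
// Added example (not npm's own code): find lockfile entries whose "resolved"
// origin differs from the registry being installed from.
// Assumes the lockfileVersion 2/3 layout with a top-level "packages" map.
function auditLockfile(lockfile, registry) {
  const expected = new URL(registry).origin;
  const foreign = {};          // origin -> lockfile paths resolved from it
  const missingIntegrity = []; // registry tarballs with no hash to check
  for (const [path, pkg] of Object.entries(lockfile.packages || {})) {
    if (!pkg.resolved) continue;                   // root project, workspace links
    let url;
    try { url = new URL(pkg.resolved); } catch (e) { continue; }
    if (!/^https?:$/.test(url.protocol)) continue; // git and file: dependencies
    if (url.origin !== expected) {
      (foreign[url.origin] = foreign[url.origin] || []).push(path);
    }
    if (!pkg.integrity) missingIntegrity.push(path);
  }
  return { expected, foreign, missingIntegrity };
}

// Constructed lockfile: names, hosts and hashes are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/example-a': {
      version: '1.2.0',
      resolved: 'https://registry.npmjs.org/example-a/-/example-a-1.2.0.tgz',
      integrity: 'sha512-PLACEHOLDER',
    },
    'node_modules/example-b': {
      version: '0.4.1',
      resolved: 'https://npm.proxy.example/api/npm/example-b/-/example-b-0.4.1.tgz',
      integrity: 'sha512-PLACEHOLDER',
    },
    'node_modules/example-c': {
      version: '2.0.0',
      resolved: 'https://npm.proxy.example/api/npm/example-c/-/example-c-2.0.0.tgz',
    },
    'node_modules/example-d': {
      version: '3.1.0',
      resolved: 'git+ssh://git@git.example/team/example-d.git#0000000',
    },
  },
};

console.log(JSON.stringify(auditLockfile(sampleLock, 'https://registry.npmjs.org/'), null, 2));
```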

Network corruption during download

A flaky network connection can deliver partial or corrupted tarballs that get cached. The corrupted entry persists until the cache is cleared. If you see EINTEGRITY sporadically, check your network stability and always clear the cache before retrying.

Shared npm cache on NFS or network drive

Teams sharing an npm cache directory over NFS or a network drive can experience race conditions where one machine writes a partial file while another reads it. Use per-machine caches or configure npm to verify integrity on every install with npm install --prefer-online.

Frequently Asked Questions

What is package integrity?

npm verifies downloaded packages match recorded checksums to prevent tampering.

Is it safe to force clean cache?

Yes, npm will re-download packages as needed.

Is EINTEGRITY a sign of a security breach?

Usually no—it is most often caused by a corrupted cache or registry proxy. However, if clearing the cache and reinstalling from the official registry still produces the error, investigate further. Compare the tarball hash against the one shown on npmjs.com for that exact version.

Why does npm cache clean --force require the --force flag?

npm protects the cache by default because clearing it forces re-downloads of all packages. The --force flag confirms you understand this tradeoff. In normal usage, npm cache verify is preferred because it checks and repairs the cache without deleting valid entries.

Can I disable integrity checking?

You can delete the integrity fields from package-lock.json or delete the lockfile entirely and regenerate it. There is no npm flag to skip integrity checks directly. Doing this is strongly discouraged because integrity verification is a critical security protection against supply chain attacks—only consider it as a last resort after clearing the cache and verifying your registry configuration.
