What is the integrity property inside yarn.lock file?

javascript yarnpkg yarn-lock.json
Stav Alfi picture Stav Alfi · Nov 29, 2018 · Viewed 11.1k times · Source

For some reason, the command yarn is modifying the file yarn.lock with a new property to every dependency: integrity.

Git diff:

+integrity sha1-zgBCgEX7t9AxwWp7+DV4nxU2arI=

I couldn't find documentation about it so my question is - What is it?

Answer

Amy picture Amy · Nov 29, 2018

That is used to detect whether the files have changed since the author originally published them. If the SHA hashes don't match because of file modifications, the integrity check fails.

The author pushes their code to a repository, and this field is used to make sure that what the repository sends out is identical to what the author produced.

The idea of an integrity field is described here: https://w3c.github.io/webappsec-subresource-integrity/#resource-integrity

Related questions

How to clear cache in Yarn?

I am doing some benchmark tests for Facebook's Yarn. For this, I need to clear my global Yarn cache. Is there a command available for this? I have force-removed my ~/.yarn-cache folder, but this seems to be quite manual.

Read More
TypeError [ERR_INVALID_ARG_TYPE]: The "path" argument must be of type string. Received type undefined raised when starting react app

I'm working on a project in React and ran into a problem that has me stumped. Whenever I run yarn start I get this error: TypeError [ERR_INVALID_ARG_TYPE]: The "path" argument must be of type string. Received type …

Read More
Yarn global command not working

I'm working with Yarn v0.16.1. If I understand correctly (according to the documentation), yarn global add <package> should be the equivalent of npm install -g <package>. However, when I run the example in the docs (with …

Read More