I just generated a new npm lockfile, package-lock.json, as part of my typical workflow. But I noticed that this time all of the integrity hashes have been changed from sha1 to sha512. What is happening here?
"chalk": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/chalk/-/chalk-2.0.1.tgz",
- "integrity": "sha1-ce5R+nvkyuwaY4OffmgtgTLTDK8=",
+ "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==",
[…]
}
From what I can see, npm changed the integrity checksum from sha1 to sha512.
If your git changes are going from sha1 to sha512, you should do that update once and it will be good after that.
If someone else working with the codebase and sees a git change from sha512 down to sha1 (which is the issue I was having) you can fix it by running the following:
Discard the changes in git for package-lock.json
npm i -g npm
rm -rf node_modules/
npm i
This will update npm and reinstall all of your packages so that the new checksum (sha512) is present.