node.jsvue.jsnpminstallationyarnpkg

Why running yarn commands is giving an error- Integrity check failed for "yargs-parser"


The problem-

In my existing Vue project if I am running the yarn install or yarn add package_name command, the following errors are occurring-

enter image description here

enter image description here

What I read-

After reading this article (scroll down to the "Integrity Hash" section), I was able to achieve some understanding about this error that-

yarn will compute a hash value for each dependency install based on the contents that were downloaded. Next time you download that dependency, yarn generates the hash again. If there is a mismatch between the new value and the value stored in yarn.lock, yarn will throw an error that looks like this: Integrity check failed for <package-name> (computed integrity doesn't match our records, got <integrity-hash-value>)

I believe my error is related. The solution also suggested in this article is to read about the culprit dependency and if it's safe to use, re-install this. I also read this GitHub issue.

My concern-

As far as I read, once a resolved version is specified in yarn.lock that will always be the version installed whenever you run yarn install. In my yarn.lock the version of yargs-parser is 20.2.1.

Should I re-install this yargs-parser dependency, if yes, then how? I am kind of worried about the re-installation impact on other dependencies.

My environment details-

The following package managers are installed globally in my system-

node- 14.19.0
yarn- 1.22.4
npm- 6.14.16

I can provide further details if needed. Any help would do great.


Solution

  • So, after a few days of research, I finally sort out this problem.

    Cause for this error-

    As I cited in the question about my suspicion of integrity mismatch, was right.

    Integrity checksums are a security feature used by Yarn to ensure that the contents of a package have not been tampered with since they were published to the registry. So, when you install a package, Yarn downloads the package's tarball from the registry and verifies that the integrity checksum matches the one listed in the yarn.lock file.

    And in my case, the hashes didn't match somehow and that was the reason in actuality.

    What I tested-

    1. Cleared the yarn cache. (very basic, didn't work though)
    2. Deleted the yarn.lock and installed it again. (very destructive results because it potentially updates all packages when you really just have an issue with the single package.)
    3. Thought to re-install only this yargs-parser package but it's not possible because it is not added in the package.json file. :-(

    What truly fixed the issue

    The hero command-

    yarn --update-checksums
    

    What does this command do?

    If the integrity checksum of any package is out of date or incorrect then running this command will regenerate them based on the current content of the registry.

    So this command corrected the hash of my yargs-parser package and now I am able to use yarn commands perfectly.

    I am open to any other thoughts on this concept.