为什么 package-lock.json 将完整性哈希从 sha1 更改为 sha512? [英] Why did package-lock.json change the integrity hash from sha1 to sha512?

问题描述

我刚刚生成了一个新的 npm 锁文件 package-lock.json，作为我典型工作流程的一部分.但是我注意到这次所有的完整性哈希值都从 sha1 更改为 sha512.这里发生了什么?

I just generated a new npm lockfile, package-lock.json, as part of my typical workflow. But I noticed that this time all of the integrity hashes have been changed from sha1 to sha512. What is happening here?

"chalk": {
    "version": "2.0.1",
    "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.0.1.tgz",
-   "integrity": "sha1-ce5R+nvkyuwaY4OffmgtgTLTDK8=",
+   "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==",
    […]
}

推荐答案

据我所知，npm 将完整性校验和从 sha1 更改为 sha512.

From what I can see, npm changed the integrity checksum from sha1 to sha512.

如果您的 git 更改从 sha1 到 sha512，您应该进行一次更新，之后就会好起来.

If your git changes are going from sha1 to sha512, you should do that update once and it will be good after that.

如果其他人使用代码库并看到从 sha512 到 sha1 的 git 更改(这是我遇到的问题)，您可以通过运行以下命令来修复它:

If someone else working with the codebase and sees a git change from sha512 down to sha1 (which is the issue I was having) you can fix it by running the following:

丢弃 git 中 package-lock.json 的更改

Discard the changes in git for package-lock.json

npm i -g npm
rm -rf node_modules/
npm i

这将更新 npm 并重新安装您的所有软件包，以便出现新的校验和 (sha512).

This will update npm and reinstall all of your packages so that the new checksum (sha512) is present.

这篇关于为什么 package-lock.json 将完整性哈希从 sha1 更改为 sha512?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！