`npm install` fails with package-lock.json on Dockerimage for Debian

[rodriguez-facundo]

I am building a docker image from debian:latest and I get a checksum fail on npm install:

(snakes) root@347ea92881f8:/NetPyNE-UI/netpyne_ui/geppetto/src/main/webapp# npm install
npm ERR! code EINTEGRITY
npm ERR! sha1-zdTETTqiZOrC9o7BZbx5HDSvEjI= integrity checksum failed when using sha1: wanted sha1-zdTETTqiZOrC9o7BZbx5HDSvEjI= but got sha512-spKHSBQIxxS81N/O21WmuXA2F6wppUCsutpzenOeZzOCCJ5gEfcbqJP983IrpLXzYmXnMUa6J03SubcNPdKrlg== sha1-5oowx8sETi+zYrQoRp/rKRwuCdg=. (10700 bytes)

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2019-01-19T15_19_54_329Z-debug.log

In my case deleting package-lock.json and re issuing npm install fixed the problem. Is it possible 'package-lock.json' is machine specific?

I am building from debian and not ubuntu because docker containers are growing wild. I have already managed to reduce MetaCell/jupyter-neuron from 1.44Gb to 700Mb. Which will help to reduce Tracis-CI times

[rodriguez-facundo]

npm config set package-lock 0 will ignore package-lock.json on npm install and problem solved.

[tarelli]

@rodriguez-facundo Disabling package-lock checks defeats the purpose though, no? Have you checked this https://github.com/npm/npm/issues/16861 in case it was something local?

[rodriguez-facundo]

it fails locally but also with docker images starting from ubuntu:18:04 and from jupyter/base-notebook:87210526f381 (which is an upgraded notebook to account for jupyterhub)

I will have to explore the cause of the issue. But since we were not using lock before, and the fix will require some time, I am implementing the quick fix.

We also need to explore how this affects geppetto-client installation. Right now we rely on package.json to point to the specific geppetto-client branch

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[jrmartin]

@rodriguez-facundo This looks very similar to the issue you are having https://github.com/nodejs/node/issues/13635

I think the library in package-lock.json that's causing the issue for you, is 'fsevents'

In linux, 'fsevents' is ignored, and probably package-lock.json keeps track of this: npm WARN optional Skipping failed optional dependency /chokidar/fsevents: npm WARN notsup Not compatible with your operating system or architecture: fsevents@1.2.9

In OSX, 'fsevents' is needed, and using a package-lock.json ignoring that library will probably make npm install fail

[rodriguez-facundo]

Good point @jrmartin, that fseevents library is certainly problematic. I have encounter the lock issue in other places as well (https://github.com/openworm/geppetto-client/issues/54) (https://github.com/OpenSourceBrain/redmine/commit/ce7eb19bead029893cdf8928492ba2b1b01a22de). In the first case, I am running a debian container (maybe now it is the other way around and something was not needed for macos, then locked and was missing for debian). The second case is with gemfile.lock (totally unrelated to npm but again a lock making container build to fail).

I will keep an eye open in case a new container build fails so I can pin the issues rather than just deleting the locks 🔨to pass the build.