pnpm
Replies: 1 comment 1 reply
-
|
pnpm uses whatever is provided in the package document returned by the registry. SHA512 is preferred. If you get SHA1 it means that's the only checksum the registry have returned. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Ok, that means npm registry changed the integrity checksum hash itself? And when checked for updates, my lock file was updated too? 🤔 |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
why does PNPM use both SHA1 and SHA512 hashes in its lockfile? I notice that some packages use SHA1 while others use SHA512 for integrity checks. What's the reason behind using these two different hash algorithms?
Also, when updating packages, I noticed that some integrity hashes get rewritten from SHA1 to SHA512. Is this normal behavior?
Beta Was this translation helpful? Give feedback.
All reactions