Fix: Yarn error Integrity check failed / EINTEGRITY sha512
Quick Answer
How to fix Yarn integrity check failed and EINTEGRITY sha512 errors caused by corrupted cache, lock file mismatches, registry issues, and network problems.
The Error
You run yarn install and get:
error Integrity check failed for "lodash" (computed integrity doesn't match our records)Or variations:
error https://registry.yarnpkg.com/react/-/react-18.2.0.tgz:
Integrity check failed for "react" (computed integrity doesn't match our records, got "sha512-abc123...")EINTEGRITY sha512-xyz... integrity checksum failed when using sha512error An unexpected error occurred: "Integrity check failed for \"express\""The downloaded package’s checksum does not match the checksum recorded in yarn.lock. Yarn refuses to install because the package might be corrupted or tampered with.
Why This Happens
Yarn stores integrity hashes (SHA-512 checksums) in yarn.lock to verify that packages have not changed since they were first resolved. When you run yarn install, Yarn downloads the package and compares its hash to the recorded hash.
If they do not match, Yarn aborts to protect against:
- Corrupted downloads. Network issues caused partial or corrupted package downloads.
- Corrupted cache. The local cache contains a damaged copy of the package.
- Registry-side changes. The package was republished with different content (rare but possible).
- Lock file conflicts. The
yarn.lockfile has incorrect entries from merge conflicts. - Proxy/CDN issues. A corporate proxy or CDN served a cached, outdated, or corrupted response.
Fix 1: Clear the Yarn Cache
The most common fix. The cached package is corrupted:
Yarn Classic (v1):
yarn cache clean
yarn installYarn Berry (v2+):
yarn cache clean --all
yarn installClear cache for a specific package:
yarn cache clean lodash
yarn installFind the cache directory:
yarn cache dir
# Usually ~/.cache/yarn/v6Pro Tip: If clearing the cache does not work, also delete
node_modulesbefore reinstalling. Corrupted files innode_modulescan cause the same error even with a clean cache.
Fix 2: Delete node_modules and Reinstall
A full clean reinstall:
rm -rf node_modules
rm -rf .yarn/cache # Yarn Berry
yarn cache clean
yarn installNuclear option — regenerate the lock file too:
rm -rf node_modules
rm yarn.lock
yarn installWarning: Deleting yarn.lock regenerates it from scratch, which may update package versions. Only do this if other fixes fail and you can verify the updated versions work.
Fix 3: Fix yarn.lock Merge Conflicts
Merge conflicts in yarn.lock produce invalid entries:
<<<<<<< HEAD
lodash@^4.17.21:
version "4.17.21"
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz"
integrity sha512-abc...
=======
lodash@^4.17.21:
version "4.17.21"
resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"
integrity sha512-xyz...
>>>>>>> feature-branchFixed — regenerate the lock file entry:
# Accept one side of the conflict (doesn't matter which)
git checkout --theirs yarn.lock
# or
git checkout --ours yarn.lock
# Then regenerate
yarn installThis resolves the conflict markers and regenerates the correct integrity hashes.
Common Mistake: Manually editing
yarn.lockto resolve conflicts. The lock file is auto-generated — never edit it by hand. Resolve the conflict by accepting one version, then runyarn installto regenerate the correct entries.
Fix 4: Fix Registry and Network Issues
Corporate proxies or alternative registries can cause integrity failures:
Check your registry configuration:
yarn config get registry
# or for Yarn Berry:
yarn config get npmRegistryServerReset to the default registry:
# Yarn Classic
yarn config set registry https://registry.yarnpkg.com
# Yarn Berry
yarn config set npmRegistryServer https://registry.yarnpkg.comIf behind a corporate proxy:
yarn config set proxy http://proxy.company.com:8080
yarn config set https-proxy http://proxy.company.com:8080Disable strict SSL (development only):
yarn config set strict-ssl falseTry using the npm registry instead:
yarn config set registry https://registry.npmjs.org
yarn cache clean
yarn installFix 5: Update the Integrity Hash
If a package was legitimately republished, update the hash:
# Remove the specific package from the lock file and re-resolve
yarn upgrade lodashOr for all packages:
yarn upgradeFor a specific package version:
yarn add lodash@4.17.21This re-downloads the package and records the new integrity hash.
Fix 6: Fix Yarn Berry (.yarnrc.yml) Issues
Yarn Berry (v2/v3/v4) uses .yarnrc.yml for configuration:
Check for enableImmutableInstalls:
# .yarnrc.yml
enableImmutableInstalls: false # Allow modifications during installCheck for checksumBehavior:
# .yarnrc.yml
checksumBehavior: update # Update checksums instead of failingOther options:
checksumBehavior: ignore # Skip integrity checks (NOT recommended)
checksumBehavior: throw # Fail on mismatch (default)
checksumBehavior: update # Update the lock file with new checksumsFix 7: Fix CI/CD Integrity Failures
Integrity errors in CI often come from cache inconsistencies:
GitHub Actions — clear cache:
- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
- uses: actions/cache@v4
id: yarn-cache
with:
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-If cache causes issues, bust the cache:
Change the cache key to force a fresh install:
key: ${{ runner.os }}-yarn-v2-${{ hashFiles('**/yarn.lock') }}
# Change v2 to v3, v4, etc. to bust the cacheUse --frozen-lockfile in CI:
yarn install --frozen-lockfile # Yarn Classic
yarn install --immutable # Yarn BerryThis ensures the lock file is not modified during CI builds.
Fix 8: Downgrade or Switch Package Managers
If Yarn integrity issues persist:
Try npm instead:
rm -rf node_modules
rm yarn.lock
npm installUse a specific Yarn version:
# Check current version
yarn --version
# Set a specific version (Yarn Berry)
yarn set version 4.0.0
yarn installUse corepack (Node.js 16+):
corepack enable
corepack prepare yarn@4.0.0 --activate
yarn installStill Not Working?
Check disk space. Corrupted downloads can happen when disk space runs out mid-download:
df -hCheck for antivirus interference. Some antivirus software modifies downloaded files, breaking integrity checks. Add the Yarn cache directory to the exclusion list.
Check for filesystem issues. Corrupted filesystems can cause integrity mismatches. Run a filesystem check if you suspect hardware issues.
Try a different network. If the issue only happens on one network, a proxy, firewall, or ISP might be interfering with the downloads.
For Yarn general integrity check issues, see Fix: Yarn integrity check failed. For npm dependency resolution errors, see Fix: npm ERR! ERESOLVE unable to resolve dependency tree. For npm 404 errors, see Fix: npm ERR! code E404.
Solo developer based in Japan. Every solution is cross-referenced with official documentation and tested before publishing.
Was this article helpful?
Related Articles
Fix: React Warning: Failed prop type
How to fix the React 'Warning: Failed prop type' error. Covers wrong prop types, missing required props, children type issues, shape and oneOf PropTypes, migrating to TypeScript, default props, and third-party component mismatches.
Fix: Express Cannot GET /route (404 Not Found)
How to fix Express.js Cannot GET route 404 error caused by wrong route paths, missing middleware, route order issues, static files, and router mounting problems.
Fix: FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory
How to fix the JavaScript heap out of memory error by increasing Node.js memory limits, fixing memory leaks, and optimizing builds in webpack, Vite, and Docker.
Fix: TypeError: x is not a function
How to fix JavaScript TypeError is not a function caused by wrong variable types, missing imports, overwritten variables, incorrect method names, and callback issues.