When switching to Artifactory the npm install produces the package-lock.json file with only SHA1 digests for artifacts checksums. Without Artifactory (i.e. using registry.npmjs.org) npm combines SHA1 and SHA512 (latter is used for packages published with npm version 5 and above, according to npm community). Is there a configuration option to use SHA512 vs SHA1?
Asked
Active
Viewed 376 times
5
-
I'm having issues with packages flip-flopping between sha1 and sha512. causes lockfile conflicts that are really annoying on a big team. Would love a way to force one or the other. – fringd Nov 21 '22 at 18:26