I cannot figure out how to determine if Yarn's integrity checks actually do anything. There is not a lot of documentation.
I've tried modifying integrity hashes to be bogus ones in yarn.lock and then trying to yarn install or run yarn check --integrity. Neither of these commands fail, so how is Yarn actually checking the integrity of packages?
After some discussion with the Yarn devs on Discord, it looks like Yarn won't check integrity on yarn install unless there is actually something to install, so my test wasn't sufficient to trip over the errors.
You'll also need to be on Yarn 1.19.1 or later because of some caching bugs.
Apparently, yarn check is being removed so that's not a reliably way to check integrity.