Commit
Remove integrity SHAs for git dependencies
It appears that different machines can produce different hashes for git-based dependencies, so the npm team moved to completely remove integrity checksums for them. Apparently these checksums were based on gzipped archives, which are not guaranteed to be binary identical for the same inputs across different CPU architectures. There is still some cryptographic integrity defense as the dependency is pinned to a git commit and that relies on the entire previous history of the repo, as discussed in the later parts of this issue on npm. npm/cli#2846