integrity checksum failed when using sha1: wanted sha1-SdstUAFQuOSM8Wed69GwsB/wLx8= but got sha1-bocDAWWpWcjMh/14FCG4/eDNOZM=
That is the exact error I get.
That checksum is from my package-lock.json file
That chechsum was generated on OSX. BUT, it's a file. Its hash should be the same on any platform because it's the same file being downloaded.
From the NPM documentation (source: https://docs.npmjs.com/files/package-lock.json)
> For remote tarball sources this is an integrity based on a SHA512 of the file.
Therefore the only explaination that I can think of is that the appDynamics server is serving a different file to my Linux machine than it serves to my OSX machine...
Yikes, Microsoft does like to make our lives difficult... I definitely feel you that having AppD in your normal deployment workflow would be easiest, but unfortunately a re-architecture of our install process is probably not in the cards. It is definitely something we periodically review though—it's possible that as more and more people have end-to-end package-lock deployment workflows we'll opt to take the work on.
But for us in the mean time it means we need to keep hunting for a better process. If global install on the Azure instances isn't possible, and we have to install into the wwwroot, I wonder, could we use a post-deploy script to install the agent? That way you could have a script that basically changes to the wwwroot directory and runs npm install firstname.lastname@example.org. This same script could set the environment variable. (https://github.com/projectkudu/kudu/wiki/Post-Deployment-Action-Hooks)
Another option would be to do this one-off install at build/deploy time in your CI/CD pipeline somewhere, but depending on your environment that may take more effort. In any case, happy to keep working with you to find something that fits your needs!
Kyle Furlong, Technical Lead (C++ and Dynamic Languages)
Just to update this thread, since customers have found it and asked for a resolution, since version 4.5.14 of the node agent, the npm install logic for the AppDynamics agent has changed to bring down the platform dependent components in a post-install script.
This means that package lock should no longer prevent Node apps built on one platform being transported to and executed on a different platform (and hence should also remedy this issue with deployment on the Azure platform)