Showing results for 
Show  only  | Search instead for 
Did you mean: 

`NPM install` integrity check failure on Linux

integrity checksum failed when using sha1: wanted sha1-SdstUAFQuOSM8Wed69GwsB/wLx8= but got sha1-bocDAWWpWcjMh/14FCG4/eDNOZM=

That is the exact error I get.

That checksum is from my package-lock.json file

"appdynamics-zmq": {
"integrity": "sha1-SdstUAFQuOSM8Wed69GwsB/wLx8="


That chechsum was generated on OSX. BUT, it's a file. Its hash should be the same on any platform because it's the same file being downloaded.


From the NPM documentation (source:


> For remote tarball sources this is an integrity based on a SHA512 of the file.


Therefore the only explaination that I can think of is that the appDynamics server is serving a different file to my Linux machine than it serves to my OSX machine...



Hi again Kyle,

Unfortunately, I’m still having trouble integrating the appdynamics agent into our Azure (Windows) NodeJS app service.

You proposed installing the module globally, but doing this means that the regular node require(…) does not work (see

Unfortunately the proposed solution (using NODE_PATH to explicitly tell node of the additional global directory to search) does not work on Azure app services — the environment variable is detected but appears to have no effect.

I have even tried explicitly specifying the entire path but this failed as well — in both cases node says it cannot find the module.

My current guess is that Azure is preventing the app from loading files from outside of its wwwroot directory. Unfortunately this is where all the deployed code lives and there is already a node_modules directory there constructed from the package-json.lock using “npm install”.

So for the moment, I am unable to integrate appdynamics in our Azure app service.

I would really like to see a solution that fits the package-lock.json installation method — perhaps you could look at something similar to the way node-sass has a postinstall script that downloads the dependencies?

Thank you for your help!


AppDynamics Team (Retired)

Hi Adam,


Yikes, Microsoft does like to make our lives difficult... I definitely feel you that having AppD in your normal deployment workflow would be easiest, but unfortunately a re-architecture of our install process is probably not in the cards. It is definitely something we periodically review though—it's possible that as more and more people have end-to-end package-lock deployment workflows we'll opt to take the work on.


But for us in the mean time it means we need to keep hunting for a better process. If global install on the Azure instances isn't possible, and we have to install into the wwwroot, I wonder, could we use a post-deploy script to install the agent? That way you could have a script that basically changes to the wwwroot directory and runs npm install appdynamics@4.5.0. This same script could set the environment variable. (


Another option would be to do this one-off install at build/deploy time in your CI/CD pipeline somewhere, but depending on your environment that may take more effort. In any case, happy to keep working with you to find something that fits your needs!




Kyle Furlong, Technical Lead (C++ and Dynamic Languages)

Found something helpful? Click the Accept as Solution button to help others find answers faster.
Liked something? Click the Thumbs Up button.

Just to update this thread, since customers have found it and asked for a resolution, since version 4.5.14 of the node agent, the npm install logic for the AppDynamics agent has changed to bring down the platform dependent components in a post-install script.


This means that package lock should no longer prevent Node apps built on one platform being transported to and executed on a different platform (and hence should also remedy this issue with deployment on the Azure platform)


Warm regards,


Found something helpful? Click the Accept as Solution button to help others find answers faster.
Liked something? Click the Thumbs Up button.