Skip to content
Latchkey

Integrity Hash - CI/CD Glossary Definition

An integrity hash is the cryptographic digest (such as the sha512-... value in a lockfile's integrity field) that a package manager records so it can verify future downloads.

An integrity hash is the cryptographic digest (such as the sha512-... value in a lockfile's integrity field) that a package manager records so it can verify future downloads.

Integrity hashes are how lockfiles guarantee that a dependency's content, not just its version number, stays fixed.

Format

npm uses Subresource Integrity strings like sha512-<base64>; a changed hash for an unchanged version signals the published bytes were altered and should be investigated.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →