Integrity Hash - CI/CD Glossary Definition
An integrity hash is the cryptographic digest (such as the sha512-... value in a lockfile's integrity field) that a package manager records so it can verify future downloads.
An integrity hash is the cryptographic digest (such as the sha512-... value in a lockfile's integrity field) that a package manager records so it can verify future downloads.
Integrity hashes are how lockfiles guarantee that a dependency's content, not just its version number, stays fixed.
Format
npm uses Subresource Integrity strings like sha512-<base64>; a changed hash for an unchanged version signals the published bytes were altered and should be investigated.
Related guides
Checksum Verification - CI/CD Glossary DefinitionChecksum Verification: Checksum verification is comparing a downloaded artifact's computed hash against an ex…
Lockfile - CI/CD Glossary DefinitionLockfile: A **lockfile** (package-lock.json, Cargo.lock, etc.) pins exact dependency versions so builds are r…
Subresource Integrity - CI/CD Glossary DefinitionSubresource Integrity: Subresource Integrity (SRI) is a standard for expressing a resource's expected hash as…