Skip to content
Latchkey

Yarn classic "Integrity check failed" in CI

Yarn 1 records an integrity hash for each package. If the installed node_modules state or a downloaded archive does not match the hash in yarn.lock, Yarn reports an integrity failure and stops.

What this error means

yarn install fails with "error Integrity check failed" or "Incorrect integrity when fetching from the cache", often after a partial cache restore or a lockfile that drifted from node_modules.

yarn
error https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz: Integrity check failed for "lodash" (computed integrity doesn't match our records, got "sha512-...")

Common causes

node_modules drifted from yarn.lock

A restored or partial node_modules cache no longer matches the integrity hashes recorded in the lockfile.

A corrupted or substituted archive

A truncated download or a mirror serving a different tarball produces a hash that does not match the lockfile.

How to fix it

Clean install from a verified cache

  1. Remove node_modules and the Yarn cache for the affected package.
  2. Run yarn install --frozen-lockfile to reinstall against the lockfile.
  3. If it persists for one archive, the lockfile hash may need regenerating.
Terminal
rm -rf node_modules
yarn cache clean
yarn install --frozen-lockfile

Cache the Yarn cache, not node_modules

Persist ~/.cache/yarn (or the configured cache) keyed on the lockfile instead of restoring a possibly-inconsistent node_modules.

.github/workflows/ci.yml
- uses: actions/cache@v4
  with:
    path: ~/.cache/yarn
    key: yarn-${{ hashFiles('yarn.lock') }}

How to prevent it

  • Cache the Yarn cache directory, not node_modules.
  • Install with --frozen-lockfile so the lockfile is authoritative.
  • Regenerate the lockfile if one archive's hash is genuinely wrong.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →