npm - package-lock.json 文件中列出的依赖项具有混合 (sha1 / sha512) 完整性校验和。

问题描述

我了解 npm 已将完整性校验和从 sha1 更改为 sha512，但我很困惑为什么 package-lock json 文件中的依赖项仍然很少显示 sha1 完整性校验和。

在 package-lock 文件中添加以下几行，其中混合了 sha1 和 sha512。根据我的理解，所有 sha1 都应该被 sha512 替换。

 "assign-symbols": {
  "version": "1.0.0",
  "resolved": "https://registry.npmjs.org/assign-symbols/-/assign-symbols-1.0.0.tgz",
  "integrity": "sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c=",
  "dev": true
},
"async": {
  "version": "2.6.1",
  "resolved": "https://registry.npmjs.org/async/-/async-2.6.1.tgz",
  "integrity": "sha512-fNEiL2+AZt6AlAw/29Cr0UDe4sRAHCpEHh54WMz+Bb7QfNcFw4h3loofyJpLeQs4Yx7yuqu/2dLgM5hKOs6HlQ==",
  "dev": true,
  "requires": {
    "lodash": "4.17.11"
  }
},
"async-each": {
  "version": "1.0.1",
  "resolved": "https://registry.npmjs.org/async-each/-/async-each-1.0.1.tgz",
  "integrity": "sha1-GdOGodntxufByF04iu28xW0zYC0=",
  "dev": true
},
"atob": {
  "version": "2.1.2",
  "resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz",
  "integrity": "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==",
  "dev": true
},
"atob-lite": {
  "version": "1.0.0",
  "resolved": "https://registry.npmjs.org/atob-lite/-/atob-lite-1.0.0.tgz",
  "integrity": "sha1-uI3KYAaSK5YglPdVaCa6sxxKKWs="
},
"autoprefixer": {
  "version": "6.7.7",
  "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-6.7.7.tgz",
  "integrity": "sha1-Hb0cg1ZY41zj+ZhAmdsAWFx4IBQ=",
  "dev": true,
  "requires": {
    "browserslist": "1.7.7",
    "caniuse-db": "1.0.30000888",
    "normalize-range": "0.1.2",
    "num2fraction": "1.2.2",
    "postcss": "5.2.18",
    "postcss-value-parser": "3.3.0"
  }
}

任何有助于我理解的参考资料都会有所帮助。

标签： npmnpm-install