pnpm: Package name mismatch for aliased package in private registry

pnpm version: pnpm@7.1.0

When running pnpm install with a populated pnpm-store the error ERR_PNPM_UNEXPECTED_PKG_CONTENT_IN_STORE is shown for an aliased package coming from a private registry. Specifically it is the gsap/business package from Greensock aliased to the gsap package.

ERR_PNPM_UNEXPECTED_PKG_CONTENT_IN_STORE  Package name mismatch found while reading {“integrity”:“sha512-kJzSzrnGNrCAx0wCwNkHLc3rRckuebvfzWFLI5u+60mLDIm7jc986XUzS4+UnRuh1HCavALEuAsgWPqtVw8Low==”,“registry”:“https://npm.greensock.com/",“tarball”:"https://npm.greensock.com/@gsap%2Fbusiness/-/business-3.10.4.tgz”} from the store. This means that the lockfile is broken. Expected package: @gsap/business@3.10.4. Actual package in the store by the given integrity: gsap@3.10.4.

Code to reproduce the issue:

package.json

{
    "name": "boilerplate",
    "license": "UNLICENSED",
    "private": true,
    "engines": {
        "node": ">= 16",
        "pnpm": ">= 7"
    },
    "dependencies": {
        "gsap": "npm:@gsap/business@^3.9.0"
    }
}

.npmrc

engine-strict=true
shamefully-hoist=true
@gsap:registry=https://npm.greensock.com/
//npm.greensock.com/:_authToken=secret

Expected behavior:

Installation of the specific package from the pnpm-store should work.

Actual behavior:

Installation of the package from the pnpm-store fails.

Additional information:

  • pnpm: 7.1.0 (via corepack)
  • node: 16.15.0
  • OS: Linux (platform.sh CI build environment)

About this issue

  • Original URL
  • State: open
  • Created 2 years ago
  • Reactions: 7
  • Comments: 16

Most upvoted comments

I has the same problem. I need to use pnpm store prune && pnpm install to resolve this problem

+2
WormGirl on May 23, 2022

@zkochan Could you take a look at this sometime soon? Since a while I get these more and more. At this point, I have to fully remove all my node_modules directories in a monorepo setup manually, delete the lockfile and then reinstall. And even that sometimes doesn’t work. Locally, this is annoying, but not a major issue, but in CI it definitely is a dealbreaker.

+1
Anoesj on Nov 14, 2023 
 ERR_PNPM_ERR_PNPM_UNEXPECTED_PKG_CONTENT_IN_STORE  The lockfile is broken! A full installation will be performed in an attempt to fix it.
 ERR_PNPM_UNEXPECTED_PKG_CONTENT_IN_STORE  Package name mismatch found while reading {"integrity":"sha512-kYmkwAQ53GzBxs+e8pu/BCzUMrfJoBSEE1JI5HB6wUGDt9yuR/XTwSNfRCBzbuzy/zR9HgqubZnU59LhOiOzwA==","registry":"https://registry.npmjs.org/","tarball":"https://npm.greensock.com/@gsap/shockingly/-/shockingly-3.12.2.tgz"} from the store. This means that the lockfile is broken. Expected package: gsap@3.12.2. Actual package in the store by the given integrity: @gsap/shockingly@3.12.2.

I get this every single time i try to update deps pnpm up -iL i need to trash the lock file run pnpm i then pnpm up -iL very tedious. I’ve only recently started getting this by the way, has worked for quite a long time without issue, unsure what changed.

+1
mattpilott on Aug 14, 2023

Oof!

Running into this same issue, and unfortunately the approach by Anoesj doesn’t work consistently. Tried pnpm 6, 7, and 8, all the same issues.

If you remove your project’s node_modules folder, and re-run pnpm i, you’ll occasionally still get this error even with overrides defined.

Is this fundamentally just an issue with GSAP, as the private @gsap/business and @gsap/shockingly packages still just call themselves gsap in their own package.json files?

+1
Nuuou on Jul 26, 2023

I have this too on a non-CI environment, but only on Ubuntu, not on macOS.

pnpm version: 7.15.0 Node version: 16.18.1 (installed using pnpm env)

The error logs:

 WARN  Package name mismatch found while reading {"integrity":"sha512-YG1xjWe8HP6IDA2UT98xcsEVLt+6vJB2joyiYbc1RJLvXHeft/FYqlUKM0uRMOBpK1GSn2Ziq2JCaJwyrDZQVg==","registry":"https://npm.greensock.com/","tarball":"https://npm.greensock.com/@gsap%2fshockingly/-/shockingly-3.11.3.tgz"} from the store. This means that the lockfile is broken. Expected package: @gsap/shockingly@3.11.3. Actual package in the store by the given integrity: gsap@3.11.3.

ERR_PNPM_ERR_PNPM_UNEXPECTED_PKG_CONTENT_IN_STORE  The lockfile is broken! A full installation will be performed in an attempt to fix it.

 ERR_PNPM_UNEXPECTED_PKG_CONTENT_IN_STORE  Package name mismatch found while reading {"integrity":"sha512-YG1xjWe8HP6IDA2UT98xcsEVLt+6vJB2joyiYbc1RJLvXHeft/FYqlUKM0uRMOBpK1GSn2Ziq2JCaJwyrDZQVg==","registry":"https://npm.greensock.com/","tarball":"https://npm.greensock.com/@gsap%2fshockingly/-/shockingly-3.11.3.tgz"} from the store. This means that the lockfile is broken. Expected package: @gsap/shockingly@3.11.3. Actual package in the store by the given integrity: gsap@3.11.3.

EDIT: Solved by creating a pnpm override for gsap:

{
  "name": "example",
  "private": true,
  "dependencies": {
    "gsap": "^3.11.3"
  },
  "pnpm": {
    "overrides": {
      "gsap": "npm:@gsap/shockingly@^3.11.3"
    }
  }
}
+1
Anoesj on Nov 10, 2022
Read more comments on GitHub
← pnpm: Not working with private registry
pnpm: pnpm 8.9.0 broken for windows dev drivers (ReFS) →