Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I set up a new project, I run composer update and npm install and I get these warnings:
mac-mini:myproject55 chris$ npm install
npm WARN deprecated [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
WARN registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning EINTEGRITY: sha1-+PLIh60Qv2f2NPAFtph/7TF5qsg= integrity checksum failed when using sha1: wanted sha1-+PLIh60Qv2f2NPAFtph/7TF5qsg= but got sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==. (2301 bytes)
WARN registry Using stale package data from https://registry.npmjs.org/ due to a request error during revalidation.
WARN registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning EINTEGRITY: sha1-aALmJk79GMeQobDVF/DyYnvyyUo= integrity checksum failed when using sha1: wanted sha1-aALmJk79GMeQobDVF/DyYnvyyUo= but got sha512-Y9J6ZjXtoYh8RnXVCMOU/ttDmk1aBjunq9vO0ta5x85WDQiQfUF9sIPBITdbiiIVcBo03Hi3jMxigBtsddlXRw==. (3526 bytes)
WARN registry Using stale package data from https://registry.npmjs.org/ due to a request error during revalidation.
registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning EINTEGRITY: sha1-ry87iPpvXB5MY00aD46sT1WzleM= integrity checksum failed when using sha1: wanted sha1-ry87iPpvXB5MY00aD46sT1WzleM= but got sha512-q/UEjfGJ2Cm3oKV71DJz9d25TPnq5rhBVL2Q4fA5wcC3jcrdn7+SssEybFIxwAvvP+YCsCYNKughoF33GxgycQ==. (69241 bytes)
WARN registry Using stale package data from https://registry.npmjs.org/ due to a request error during revalidation.
WARN registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning EINTEGRITY: sha1-CKfyqL9zRgR3mp76StXMcXq7lUs= integrity checksum failed when using sha1: wanted sha1-CKfyqL9zRgR3mp76StXMcXq7lUs= but got sha512-2uUqazuKlTaSI/dC8AzicUck7+IrEaOnN/e0jd3Xtt1KcGpwx30v50mL7oPyr/h9bL3E4aZccVwpwP+5W9Vjkg==. (6509 bytes)
WARN registry Using stale package data from https://registry.npmjs.org/ due to a request error during revalidation.
Well the first one is easy right?
npm WARN deprecated [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
It looks like you have gulp-util installed globally and you simply need to update it using that link.
After that check what other messages you get. They might be related to the first message ;)
There's been a big problem with npmjs.org over the last few days. Lot's of packages disappeared, and some have reappeared under different repos. Some suspect a hack. They offer very good advice on hacker news about not trusting the packages right now (need to manually verify the code and do an audit) as they could have been replaced with malicious code. This is one of the modern day web dev problems with everybody relying on potential single points of failure like github/npmjs/packagist, etc.
Yeah I know about that. However this is the base laravel installation. How are we supposed to audit the fw? No info from the devs?
@bobbybouwmann no it's a deprecated dependency in gulp-decompress used by dependencies of laravel-mix
mac-mini:myproject user$ npm ls gulp-util
/Users/user/www/myproject
└─┬ [email protected]
└─┬ [email protected]
└─┬ [email protected]
└─┬ [email protected]
└─┬ [email protected]
└─┬ [email protected]
└─┬ [email protected]
└── [email protected]
Mmmh, maybe you can create an issue on the github repo, but since it's a third party issue any of the parent projects can be the problem.
Also they are only warnings, so you should be good to go!
Please or to participate in this conversation.