What is the integrity property inside yarn.lock file?

the integrity was used to verify that versions and hashed values of the package contents in the project’s package.json match those in yarn’s or package's lock file. This helps to verify that the package dependencies have not been altered.

you can check this in yarn check --integrity


That is used to detect whether the files have changed since the author originally published them. If the SHA hashes don't match because of file modifications, the integrity check fails.

The author pushes their code to a repository, and this field is used to make sure that what the repository sends out is identical to what the author produced.

The idea of an integrity field is described here: https://w3c.github.io/webappsec-subresource-integrity/#resource-integrity