Fix it fast
Most likely: The artifact bytes Maven downloaded do not match the published checksum, usually because of a partial local download, stale proxy cache, or inconsistent repository content.
1. Confirm this is your error
[ERROR] Checksum validation failed, no checksums available
[ERROR] Checksum validation failed2. Check the cause
mvn -e -DskipTests package
mvn -q help:effective-settings
find ~/.m2/repository -name "*.lastUpdated" -path "*<artifactId>*" -print3. Apply the safe fix
# Remove only the affected artifact version, then force a clean download.
rm -rf ~/.m2/repository/<groupId path>/<artifactId>/<version>
mvn -U -DskipTests package
# If it still fails, check the repository manager/proxy cache for stale or corrupted content.4. Verify it works
mvn -DskipTests package
mvn -U -q -Dartifact=groupId:artifactId:version dependency:getDon't use unsafe shortcuts
- Do not disable checksum validation to make the build pass.
- Do not delete the entire Maven cache when one artifact version is corrupted.
- Do not mix several mirrors for the same coordinates, inconsistent upstreams can serve different bytes.
What This Error Means
Read this as a precise clue about which part of the workflow broke first. Once you know the failing layer, the fix path gets much shorter.
Fix the integrity mismatch
Delete the affected artifact directory under ~/.m2/repository/ so Maven must re-download it.
Force a remote re-check once:mvn -U -DskipTests package
If the failure persists, route all builds through a single repository manager proxy to avoid inconsistent upstreams.
If you control the repository, verify that checksum files match the stored artifacts and repair/re-publish the bad artifacts.
Why It Happens
Usually this comes down to a previous download was interrupted, leaving a truncated artifact in the local repository, a proxy/cache served stale or corrupted content, the repository contains inconsistent metadata (artifact and checksum files are out of sync), or multiple repositories/mirrors with different content are being used for the same coordinates.
Verify the Fix
Re-run the Maven build and confirm the checksum error is gone, and confirm the artifact can be downloaded consistently on a second machine/environment.
Manual integrity checks
Identify the specific artifact/version that failed checksum validation from the Maven output.
Delete the artifact version directory under ~/.m2/repository/<groupId path>/<artifactId>/<version>/ to force a clean re-download.
Force updates once:mvn -U -DskipTests package
How Maven verifies artifact integrity
Repositories typically publish checksum files (for example .sha1 / .md5) alongside artifacts. Maven uses these checksums to verify that downloaded files were not corrupted or altered in transit. Checksum failures often indicate a partial download, a caching proxy serving stale content, or inconsistent repositories.
Prevent It From Coming Back
To prevent this, use a repository manager proxy to provide consistent artifacts/checksums to all builds, avoid mixing multiple repository URLs/mirrors for the same coordinates, and keep build caches healthy by cleaning only the specific corrupted artifact directories when needed.
Docs and source code
github.com/apache/maven/blob/maven-3.9.6/maven-core/src/main/java/org/apache/maven/project/DefaultProjectDependenciesResolver.java
Checksum verification failures are raised by the underlying resolver layer and bubbled up into Maven via the exception message (e.getMessage()). - GitHub
String msg = "Could not resolve dependencies for project " + project.getId() + ": " + e.getMessage();
DependencyResolutionException dex = new DependencyResolutionException(msg, e);
dex.setResult(e.getResult());
throw dex;