Tuleap is currently broken due to a change of the checksum of the tarball of one of the dependency (socket.io > engine.io-client > xmlhttprequest). This dependency is hardcoded by engine.io-client to be retrieved directly from a GitHub archive, since it is not resolved through the npmjs registry we do not have the original version in our npmjs registry mirror.
Preliminary investigations seem however to show that the checksum change is due to metadata modifications.
While we might decide to only update the checksum of the archive in the lockfile to be able to build Tuleap again and have the same issue again in two months let's took this as an opportunity to bump to the latest version of socket.io-client. The version the kanban is currently using is impacted by a bunch of vulnerabilities so it is the right thing to do anyway.