I'm using OSSEC as my Host Intrusion Detection Systems (HIDS) and it's configured to send out alerts by email when it detects any activity on the server. In this case, it detected that the MD5/SHA1 checksum of certain files had changed, so it sent out an alert:
OSSEC HIDS Notification.
2014 Feb 21 03:44:49
Received From: (server-name) xxx.yyy.zzz.000->syscheck
Rule: 552 fired (level 7) -> "Integrity checksum changed again (3rd time)."
Portion of the log(s):
Integrity checksum changed for: 'forum/node_modules/nodebb-plugin-finder/npm.json'
Size changed from '34934' to '36289'
Old md5sum was: '87b3c6a957af2d8135fb4ea2455f5b36'
New md5sum is : '34206f1cbf9602d33e81e72b3b074e61'
Old sha1sum was: '08764bf37603c005923f2afd7b215f44e304884b'
New sha1sum is : '3995ed7931cdf60ef4c8c65b88afe43013ab5190'
It worried me because I was not expecting the file to change, but that was before @psychobunny posted a reply to my question.
I'm paranoid about these things, but don't blame me. That's just my nature and a consequence of having a security background.