+7 -0 lines changed
@@ -47,6 +47,13 @@ Registry signatures can be verified using the following `audit` command:
47
47
$ npm audit signatures
48
48
```
49
49
50
+
The `audit signatures` command will also verify the provenance attestations of
51
+
downloaded packages. Because provenance attestations are such a new feature,
52
+
security features may be added to (or changed in) the attestation format over
53
+
time. To ensure that you're always able to verify attestation signatures check
54
+
that you're running the latest version of the npm CLI. Please note this often
55
+
means updating npm beyond the version that ships with Node.js.
56
+
50
57
The npm CLI supports registry signatures and signing keys provided by any registry if the following conventions are followed:
51
58
52
59
1. Signatures are provided in the package's `packument` in each published version within the `dist` object:
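Review bot: The added paragraph tells readers to "check that you're running the latest version of the npm CLI" but names no minimum version and no way to check or update, so a reader on the npm that ships with Node.js cannot tell whether their `npm audit signatures` run actually covered provenance attestations. Suggest stating the first CLI version that verifies attestations, and documenting what the command reports when it meets an attestation format it does not understand (an error versus a silent skip), since that decides whether an outdated client fails closed. Minor: add a comma after "attestation signatures" in "To ensure that you're always able to verify attestation signatures check", and consider dropping "such a new feature", which will date quickly.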