mongo
mongo copied to clipboard
Published
20 hours ago •
docker-library
docker-library
Verify the js-yaml package integrity
I don't love the added dist either but couldn't get rid of it with the extract command alone. If I use sttip-components 2, the package.json doesn't get extracted
On a side note, https://registry.npmjs.org/js-yaml has some embedded signatures that we may want to verify in the future:
"dist": {
"integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==",
"shasum": "aff151b30bfdfa8e49e05da22e7415e9dfa37847",
"tarball": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz",
"fileCount": 37,
"unpackedSize": 283005,
"npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJcp38bCRA9TVsSAnZWagAAhE0P/0hyn9bXVGMTE7DJSmeU\nxZMBBwOP6Ofyr6597JzDE/mpqUDnqRTbArd4Pf1FoM38YDIdoFcvSayCtyaA\nqTodzwt6UIw0ljoI7VnpiSq4S8Gbo6vKeEpbv4Gh6Jc9YHmNIJLfR/iNJ/Ti\np4oAfBogNdWhP6Oqb6Sp3OyF2IOvr7+q90IlkvfDk+pm3ZVF744CjZ0/6rZO\nX5UOWWQsF7bpZDsBV9MAQ+9ifHmHTSbDKsBFxOhnxSvZMSWgJnY8JHHbusk0\nWxCE+DJ9C9C7w+Li22inlNd7y+VNRzK2K3H7pJ0A+fSZp0sWePUuj+ObUarT\nJJU7HbkQT/VyyZdlaprl1GTSWEQdyxvT82fXgqXD3H6X1v5o9kSuKyJaNo8k\nDOFAYQhHBVfY2zMaT+S34uf1hKC9iQJq7kvQ65h/9DYlpcLkSCYhlaANx3V+\nuXdQHLlSRnZHgOaS8HvwVWsA5ZeFjS8xA58d671Li3LsXStZV0x0fgxDJYR0\nUU32uvth2/nCwLaxzPWDFA98FEpOU8/C5ywRk4JIJ1nGbP1qz7XtBwFnL6h4\nmewcAO1JgavPjkMe6qPmiw5jlZd0ebGCRdiaKGoPq1GXRnl+ctOeRSvyfUPf\nx2UNiVHRjzDb7PFpkW7KogNOkmN2TEIrJa3GKAT+GlLn8W0+lkUk/qCUeR5N\nIDd6\r\n=IAWU\r\n-----END PGP SIGNATURE-----\r\n",
"signatures": [
{
"keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA",
"sig": "MEQCICcyMFOpLvWhCJ6rfrqOhJurrDbHHY44FcmJBW04GRpUAiBVXUy35hdps/0FXT9SX3X6rsqOGLU6EbAm2HmGr4PRsw=="
}
]
},
