corepack icon indicating copy to clipboard operation
corepack copied to clipboard
verified publisher icon nodejs

docs: replace integrity signature algorithm with SHA-512 in README

Open isudzumi opened this issue 1 year ago • 1 comments

After https://github.com/nodejs/corepack/pull/432, looks the hash algorithm for integrity check have switched to SHA-512. I want to reflect it to README.

isudzumi avatar Jun 11 '24 16:06 isudzumi

Not sure I agree with this change, SHA-224 is still a valid algorithm, and before https://github.com/nodejs/corepack/pull/432 Corepack were using SHA-256 anyway. Corepack now defaults to SHA-512 because that's what npm signs, and since we have to calculate the SHA-512 to verify the signature, it's also what we put in the package.json – but if the user is providing the SHA, SHA-224 is still a perfectly valid choice.

aduh95 avatar Jun 25 '24 10:06 aduh95