node Start adding .asc signature files for tar files to validate signature

Start adding .asc signature files for tar files to validate signature

Open omarismail94 opened this issue 7 months ago • 9 comments

What is the problem this feature will solve?

Right now, node uses SHA256 checksums to verify published artifacts like tars. Signatures offer stronger security. Some packages already do this like Yarn: https://github.com/yarnpkg/yarn/releases/tag/v1.22.17

What is the feature you are proposing to solve the problem?

Start adding .asc signature files in index (e.g. https://nodejs.org/download/release/v16.20.2/)

What alternatives have you considered?

No response

Jul 18 '24 10:07 omarismail94

node node copied to clipboard

Start adding .asc signature files for tar files to validate signature

What is the problem this feature will solve?

What is the feature you are proposing to solve the problem?

What alternatives have you considered?

node
node copied to clipboard