binary-install icon indicating copy to clipboard operation
binary-install copied to clipboard

Use checksums to verify integrity of the downloads

Open Pauan opened this issue 5 years ago • 0 comments

On Discord somebody mentioned that they won't use wasm-pack because it is insecure, because it is downloading a foreign URL without using a checksum to verify the integrity.

I agree with them, I think for security it's important to verify checksums on all downloaded binaries.

So first this will have to be added to binary-install, and then wasm-pack can be changed to use the checksums.

Pauan avatar Mar 13 '20 19:03 Pauan