gitpkg
gitpkg copied to clipboard
ramasilveyra
Integrity validation
idea/discussion: just thinking aloud, comment whatever you think that could be wrong or could be improved.
Probably it will be possible to add the sha1 and sha512 on the commit description.
git commit -m "gitpkg" -m "{\"integrity\":{\"sha1\":\"<sha1 hash>\",\"sha512\":\"<sha512 hash>\"}}"
then the node package managers must validate against this.
