From a26f0f8c33d1322921e517ede1059b1ec076d969 Mon Sep 17 00:00:00 2001
From: Gonzalo <456459+grzuy@users.noreply.github.com>
Date: Tue, 10 Oct 2023 17:05:38 -0300
Subject: [PATCH] refactor: don't fail if extra signatures we don't care about
---
 lib/esbuild/npm_registry.ex | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/esbuild/npm_registry.ex b/lib/esbuild/npm_registry.ex
index d00009f..e2be711 100644
--- a/lib/esbuild/npm_registry.ex
+++ b/lib/esbuild/npm_registry.ex
@@ -19,18 +19,18 @@ defmodule Esbuild.NpmRegistry do
 "_id" => id,
 "dist" => %{
 "integrity" => integrity,
- "signatures" => [
- %{
- "keyid" => @public_key_id,
- "sig" => signature
- }
- ],
+ "signatures" => signatures,
 "tarball" => tarball
 }
 } =
 fetch_file!("#{@base_url}/#{name}/#{version}")
 |> Jason.decode!()
+ %{"sig" => signature} =
+ signatures
+ |> Enum.find(fn %{"keyid" => keyid} -> keyid == @public_key_id end) ||
+ raise "missing signature"
+
 verify_signature!("#{id}:#{integrity}", signature)
 tar = fetch_file!(tarball)
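Review bot: The added `Enum.find` can still crash on a signature entry the code does not care about, because `fn %{"keyid" => keyid} -> ... end` has a single clause and any element of `signatures` that is not a map with a `"keyid"` key raises `FunctionClauseError` before the pinned key is reached. The failure stays closed, since nothing proceeds to `verify_signature!` without a match, but it works against the stated intent of the commit and hides the real cause behind an unrelated error. Matching rather than destructuring avoids this and removes the one-step pipe: `Enum.find(signatures, &match?(%{"keyid" => @public_key_id, "sig" => _}, &1)) || raise "missing signature"`. Naming the expected key id in the raise message would also make a registry key rotation easier to diagnose. The enclosing function starts and ends outside the hunk.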