From f88f731b8a7654d4118c1159da44f1ca0de72dd7 Mon Sep 17 00:00:00 2001
From: Gonzalo <456459+grzuy@users.noreply.github.com>
Date: Wed, 11 Oct 2023 07:39:35 -0300
Subject: [PATCH] refactor: don't fail if extra signatures we don't care about (#67)
---
 lib/esbuild/npm_registry.ex | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/esbuild/npm_registry.ex b/lib/esbuild/npm_registry.ex
index 2817bc0..1e352a5 100644
--- a/lib/esbuild/npm_registry.ex
+++ b/lib/esbuild/npm_registry.ex
@@ -18,18 +18,18 @@ defmodule Esbuild.NpmRegistry do
 "_id" => id,
 "dist" => %{
 "integrity" => integrity,
- "signatures" => [
- %{
- "keyid" => @public_key_id,
- "sig" => signature
- }
- ],
+ "signatures" => signatures,
 "tarball" => tarball
 }
 } =
 fetch_file!("#{@base_url}/#{name}/#{version}")
 |> Jason.decode!()
+ %{"sig" => signature} =
+ signatures
+ |> Enum.find(fn %{"keyid" => keyid} -> keyid == @public_key_id end) ||
+ raise "missing signature"
 verify_signature!("#{id}:#{integrity}", signature)
 tar = fetch_file!(tarball)
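Review bot: The `Enum.find` callback `fn %{"keyid" => keyid} -> ... end` has a single clause, so any entry in `signatures` that lacks a `"keyid"` key (or is not a map) raises `FunctionClauseError` before the pinned key is looked for. That still fails closed, but it works against the stated goal of ignoring extra signatures, and the error says nothing about signatures. Matching inside the predicate tolerates unrelated entries and still aborts when the trusted one is absent: `Enum.find(signatures, &match?(%{"keyid" => @public_key_id, "sig" => _}, &1)) || raise "missing signature"`. I would also add a short comment above the lookup saying that only the signature for `@public_key_id` is trusted and that its absence must raise before `fetch_file!(tarball)` runs, so a later refactor does not turn this into a skip. The enclosing function starts and ends outside the hunk.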