New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verifies npm package tarball authenticity and integrity #64

Merged

josevalim merged 13 commits into phoenixframework:main from mimiquate:verify

Oct 10, 2023

Contributor

grzuy commented Oct 10, 2023

closes #42

grzuy added 7 commits

October 9, 2023 11:48


          Moves fetch_body!/1 to Downloader.fetch_body!/1

bc4a180


          Avoid repeating registry base url

0600e8f


          Moves http request to separate function

e8098bb


          Better naming

58f232a


          verify ECDSA signature

e19e205


          verify tarball checksum

55ea1b5


          order

1717cd5

grzuy mentioned this pull request

Verify integrity of downloaded esbuild package #42

Closed

grzuy commented

View reviewed changes

lib/npm_registry.ex Outdated Show resolved Hide resolved

josevalim reviewed

View reviewed changes

lib/esbuild.ex Outdated Show resolved Hide resolved

josevalim reviewed

View reviewed changes

lib/npm_registry.ex Outdated Show resolved Hide resolved

Contributor Author

grzuy commented Oct 10, 2023

Pending adding a few test cases.

Waiting to see if added here or in separate package.

grzuy and others added 2 commits

October 10, 2023 15:59


          Update lib/esbuild.ex

ad7884f

Co-authored-by: José Valim <jose.valim@gmail.com>


          Update lib/npm_registry.ex

77c4759

Co-authored-by: José Valim <jose.valim@gmail.com>

josevalim reviewed

View reviewed changes

lib/npm_registry.ex Outdated Show resolved Hide resolved

josevalim reviewed

View reviewed changes

lib/npm_registry.ex Outdated Show resolved Hide resolved

josevalim reviewed

View reviewed changes

lib/npm_registry.ex Outdated Show resolved Hide resolved

grzuy and others added 2 commits

October 10, 2023 16:02


          Update lib/npm_registry.ex

6aca6bb

Co-authored-by: José Valim <jose.valim@gmail.com>


          mix format

3efd097

josevalim reviewed

View reviewed changes

lib/npm_registry.ex Outdated

+                require Logger
+                @base_url "https://registry.npmjs.org"
+                @public_key_pem File.read!("npm-registry.pem")

Member

josevalim Oct 10, 2023

please move the file to lib/esbuild/npm-registry.pem and also add this:

@external_resource "lib/esbuild/npm-registry.pem"

This will recompile the code and if pem file changes. :)

Contributor Author

grzuy Oct 10, 2023

This will recompile the code and if pem file changes. :)

TIL 😮 👏

grzuy added 2 commits

October 10, 2023 16:04


          namespace

f6929fd


          move pem file

ed26f4f

josevalim merged commit 94d18da into phoenixframework:main

1 of 2 checks passed

Member

josevalim commented Oct 10, 2023

Beautifully done, thank you!
💚 💙 💜 💛 ❤️

Contributor Author

grzuy commented Oct 10, 2023

Will take a look at the CI issue with elixir 11.
Maybe update ci versions also.

grzuy deleted the verify branch

October 10, 2023 19:22

grzuy mentioned this pull request

refactor: avoid duplicated logging and httpc options setting #69

Merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet