Skip to content

Commit

Permalink
refactor: don't fail if extra signatures we don't care about (#67)
Browse files Browse the repository at this point in the history
  • Loading branch information
grzuy authored Oct 11, 2023
1 parent 7ba419c commit f88f731
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions lib/esbuild/npm_registry.ex
Original file line number Diff line number Diff line change
Expand Up @@ -18,18 +18,18 @@ defmodule Esbuild.NpmRegistry do
"_id" => id,
"dist" => %{
"integrity" => integrity,
"signatures" => [
%{
"keyid" => @public_key_id,
"sig" => signature
}
],
"signatures" => signatures,
"tarball" => tarball
}
} =
fetch_file!("#{@base_url}/#{name}/#{version}")
|> Jason.decode!()

%{"sig" => signature} =
signatures
|> Enum.find(fn %{"keyid" => keyid} -> keyid == @public_key_id end) ||
raise "missing signature"

verify_signature!("#{id}:#{integrity}", signature)
tar = fetch_file!(tarball)

Expand Down

0 comments on commit f88f731

Please sign in to comment.