@dk/hipp 0.1.24 → 0.1.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +7 -6
  2. package/hipp.js +1 -1
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -176,6 +176,7 @@ The manifest contains:
176
176
 
177
177
  - **Code is safe or bug-free**: Malicious or buggy code can be signed
178
178
  - **Publisher is trustworthy**: The key holder could sign bad code intentionally
179
+ - **Name/email is accurate**: These are read from local `git config` and could be set to anything
179
180
 
180
181
  Verification proves that npm matches git - it says nothing about whether that
181
182
  code is correct or safe.
@@ -238,20 +239,20 @@ PERFORMANCE OF THIS SOFTWARE.
238
239
  Verify this package with [@dk/hipp](https://www.npmjs.com/package/@dk/hipp):
239
240
 
240
241
  ```bash
241
- npx @dk/hipp verify @dk/hipp@0.1.24
242
+ npx @dk/hipp verify @dk/hipp@0.1.26
242
243
  ```
243
244
 
244
245
  ```json
245
246
  {
246
247
  "origin": "git@github.com:dmytri/hipp.git",
247
- "tag": "v0.1.24",
248
- "revision": "5e933090af3b384fe51e114207ea240f0124d0a1",
249
- "hash": "588c38d438bdc3aa7e8ffa9f5805b4542e65789daa113d8c7f78c3ecc31884fc",
250
- "signature": "LGsyEmAATa79Z8TbPl5xjGMUBTJO7A1jpq+2/XvO8M6u/RNdUGntfb03T8jjc/l9K0XxNCaVmC/pYIZhBB8rDQ==",
248
+ "tag": "v0.1.26",
249
+ "revision": "54ec0b8b85b58aa5064a223257278218aadb4a37",
250
+ "hash": "86b5c3f9d90860998db29b3392a32b2d8a170b42617471684942ecc4aeb81622",
251
+ "signature": "+ke2wAueXxhrGaoQE1OqO40ah9j/nDfjnFMuuPILitxU3goPMg9dMtlDezTwnjtq9i/vExpYdYFodQlXumxUCg==",
251
252
  "name": "Dmytri Kleiner",
252
253
  "email": "dev@dmytri.to",
253
254
  "npm": "11.12.1",
254
255
  "node": "v25.8.2",
255
- "hipp": "0.0.0"
256
+ "hipp": "0.1.26"
256
257
  }
257
258
  ```
package/hipp.js CHANGED
@@ -684,7 +684,7 @@ async function run() {
684
684
  const nodeVersion = process.version;
685
685
  const hippPkgPath = path.join(path.dirname(process.argv[1]), 'package.json');
686
686
  const hippPkg = JSON.parse(fs.readFileSync(hippPkgPath, 'utf8'));
687
- const hippVersion = hippPkg.version;
687
+ const hippVersion = hippPkg.version === '0.0.0' ? version : hippPkg.version;
688
688
  const originUrl = provenance.remoteUrl;
689
689
  const dataToSign = buildSignData(tarballHash, originUrl, rawTag, revision, name, email);
690
690
  const signature = signContent(dataToSign, privateKey);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dk/hipp",
3
- "version": "0.1.24",
3
+ "version": "0.1.26",
4
4
  "description": "High Integrity Package Publisher",
5
5
  "main": "hipp.js",
6
6
  "bin": {