For some reason, the command yarn is modifying the file yarn.lock with a new property to every dependency: integrity.

Git diff:

+integrity sha1-zgBCgEX7t9AxwWp7+DV4nxU2arI=

I couldn't find documentation about it so my question is - What is it?

asked Nov 29, 2018 at 13:43 by Stav Alfi; edited Nov 29, 2018 at 21:27 by tk421
  • try this: github.com/yarnpkg/yarn/issues/2979 – gonephishing Commented Nov 29, 2018 at 15:13
  • It's the product of a SHA512 hash, converted to binary, and encoded in base64: sha512sum <tarball> | awk '{ print $1 }' | xxd -r -p | base64 -w 88 – chb Commented May 9, 2023 at 20:35

2 Answers

That is used to detect whether the files have changed since the author originally published them. If the SHA hashes don't match because of file modifications, the integrity check fails.

The author pushes their code to a repository, and this field is used to make sure that what the repository sends out is identical to what the author produced.

The idea of an integrity field is described here: https://w3c.github.io/webappsec-subresource-integrity/#resource-integrity

The integrity was used to verify that versions and hashed values of the package contents in the project’s package.json match those in yarn’s or package's lock file. This helps to verify that the package dependencies have not been altered.

You can check this in yarn check --integrity
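The check the answers and the comment above describe, as an added example that is not part of the original posts and is not yarn's own code: hash the downloaded bytes, base64-encode the raw digest, and compare it with the `algo-base64` value stored in the lockfile. The function names, the sample buffers and the rule of preferring the longest digest when several entries are present are assumptions of this sketch.

```javascript
const crypto = require("node:crypto");

// Digest sizes in bytes; also used to rank algorithms (longer = preferred).
const DIGEST_BYTES = { sha1: 20, sha256: 32, sha384: 48, sha512: 64 };

// Split "algo-base64 [algo-base64 ...]" into { algorithm, digest } entries.
function parseIntegrity(value) {
  return value.trim().split(/\s+/).map((entry) => {
    const dash = entry.indexOf("-");
    const algorithm = entry.slice(0, dash);
    const digest = Buffer.from(entry.slice(dash + 1), "base64");
    // Reject unknown algorithms and digests of the wrong length.
    if (dash < 1 || digest.length !== DIGEST_BYTES[algorithm]) {
      throw new Error(`malformed integrity entry: ${entry}`);
    }
    return { algorithm, digest };
  });
}

// Build the integrity string for some bytes (hash -> raw digest -> base64).
function integrityFor(bytes, algorithm = "sha512") {
  const digest = crypto.createHash(algorithm).update(bytes).digest("base64");
  return `${algorithm}-${digest}`;
}

// Recompute the hash of the received bytes and compare it with the
// strongest entry recorded in the lockfile.
function verifyIntegrity(value, bytes) {
  const entries = parseIntegrity(value);
  entries.sort((a, b) => DIGEST_BYTES[b.algorithm] - DIGEST_BYTES[a.algorithm]);
  const { algorithm, digest } = entries[0];
  const actual = crypto.createHash(algorithm).update(bytes).digest();
  return crypto.timingSafeEqual(actual, digest);
}

// Constructed sample data standing in for a downloaded package tarball.
const published = Buffer.from("constructed tarball bytes v1.0.0");
const tampered = Buffer.from("constructed tarball bytes v1.0.0 + extra");
const locked = integrityFor(published);

console.log(verifyIntegrity(locked, published)); // unchanged bytes
console.log(verifyIntegrity(locked, tampered));  // modified bytes
```

The `sha1-...` value in the question's diff parses to a 20-byte digest with `parseIntegrity`, which is the raw SHA-1 output before base64 encoding.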
