Skip to content

Use checksums to verify integrity of the downloads #7

New issue
New issue
Open
Open
Use checksums to verify integrity of the downloads#7
Labels
enhancementNew feature or requeststatus - PR WelcomeThis issue is well-defined and community PRs are welcome
@Pauan

Description

@Pauan
Pauan
opened on Mar 13, 2020

On Discord somebody mentioned that they won't use wasm-pack because it is insecure, because it is downloading a foreign URL without using a checksum to verify the integrity.

I agree with them, I think for security it's important to verify checksums on all downloaded binaries.

So first this will have to be added to binary-install, and then wasm-pack can be changed to use the checksums.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requeststatus - PR WelcomeThis issue is well-defined and community PRs are welcome

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions