EqualMa / gitpkg

use a sub directory of a github repo as yarn / npm dependency directly
https://gitpkg.vercel.app

How does the integrity check of package content work? #45

Closed fastchain closed 8 months ago

fastchain commented 1 year ago

Hello,

In yarn.lock I see

"@openzeppelin/contracts-upgradeable@https://gitpkg.now.sh/OpenZeppelin/openzeppelin-contracts-upgradeable/contracts?master":
  version "4.9.2"
  resolved "https://gitpkg.now.sh/OpenZeppelin/openzeppelin-contracts-upgradeable/contracts?master#14799b874affa7a27c42ee65dc9269917c013f85"

14799b874affa7a27c42ee65dc9269917c013f85 seems to be something about integrity, but it's not a commit ID. What is it?

EqualMa commented 8 months ago

Hi, it is a shasum of the package files, but I don't know which specific algorithm is used by yarn.
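
Added example, not part of the thread and not gitpkg or Yarn code: a small lockfile check that reads the `#` fragment from `resolved`, compares it with the digest of a downloaded tarball, and lists entries that have no `integrity` field. It assumes the Yarn v1 lockfile format, where a 40-hex-digit fragment is the SHA-1 hex digest of the tarball; the function names, package names and sample data are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed stand-in for the bytes of a downloaded tarball (not a real package).
SAMPLE_TARBALL = b"constructed tarball bytes for the example"
SAMPLE_SHA1 = hashlib.sha1(SAMPLE_TARBALL).hexdigest()

# Constructed yarn.lock v1 text: one URL dependency shaped like the entry in the
# issue, one registry dependency that also carries an integrity field.
SAMPLE_LOCK = f'''\
"pkg-a@https://gitpkg.now.sh/example/repo/sub?master":
  version "1.0.0"
  resolved "https://gitpkg.now.sh/example/repo/sub?master#{SAMPLE_SHA1}"

pkg-b@^2.0.0:
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/pkg-b/-/pkg-b-2.0.1.tgz#{SAMPLE_SHA1}"
  integrity sha512-CONSTRUCTEDPLACEHOLDER==
'''

def parse_lock(text):
    """Return one dict per lockfile entry: spec, url, sha1 fragment, integrity."""
    entries, cur = [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if not line.startswith(" "):  # unindented line opens a new entry
            cur = {"spec": line.rstrip(":").strip('"'), "url": None,
                   "sha1": None, "integrity": None}
            entries.append(cur)
            continue
        m = re.match(r'^  (resolved|integrity) "?([^"]+)"?$', line)
        if not m or cur is None:
            continue
        key, value = m.groups()
        if key == "integrity":
            cur["integrity"] = value
        else:
            url, _, frag = value.partition("#")
            cur["url"] = url
            # Assumption: a 40-hex-digit fragment is a SHA-1 of the tarball.
            cur["sha1"] = frag if re.fullmatch(r"[0-9a-f]{40}", frag) else None
    return entries

def tarball_matches(entry, data):
    """True when the SHA-1 of `data` equals the entry's recorded fragment."""
    digest = hashlib.sha1(data).hexdigest()
    return entry["sha1"] is not None and hmac.compare_digest(digest, entry["sha1"])

def sha1_only(entries):
    """Specs pinned by the SHA-1 fragment alone, with no integrity field."""
    return [e["spec"] for e in entries if e["sha1"] and not e["integrity"]]
```

Entries returned by `sha1_only` are the ones worth reviewing when the URL points at a branch such as `?master`, since the fragment is then the only record of which content was installed.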