nodejs / corepack

Zero-runtime-dependency package acting as bridge between Node projects and their package managers
MIT License
2.31k stars 145 forks

docs: replace integrity signature algorithm with SHA-512 in README #499

Open isudzumi opened 3 weeks ago

isudzumi commented 3 weeks ago

After https://github.com/nodejs/corepack/pull/432, it looks like the hash algorithm for the integrity check has switched to SHA-512. I want to reflect that in the README.

aduh95 commented 1 week ago

Not sure I agree with this change. SHA-224 is still a valid algorithm, and before https://github.com/nodejs/corepack/pull/432 Corepack was using SHA-256 anyway. Corepack now defaults to SHA-512 because that's what npm signs, and since we have to calculate the SHA-512 to verify the signature, it's also what we put in the package.json – but if the user is providing the SHA, SHA-224 is still a perfectly valid choice.