Tag
package-verification
Safeguard articles tagged "package-verification" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Guides
How to Verify an npm Package Before Installing It
Five checks that take about four minutes — tarball inspection, install-script review, provenance verification, maintainer signals — before you let a new npm package run code on your machine.
Jul 9, 20256 min read
Open Source Security
NuGet Signed Packages Verification
NuGet supports signed packages — author signatures, repository signatures, and verification modes. A practical guide to enforcing it properly.
Nov 22, 20245 min read