@pkgdeps/secretlint-rule-checksum
v1.3.1
Published
secretlint rule that check if checking checksum.
Downloads
7,490
Maintainers
Readme
@pkgdeps/secretlint-rule-checksum
secretlint rule that check if checking checksum.
Install
Install with npm:
npm install @pkgdeps/secretlint-rule-checksum
Requirements: secretlint v4+
Usage
Via .secretlintrc.json
(Recommended)
{
"rules": [
{
"id": "@pkgdeps/secretlint-rule-checksum"
}
]
}
MessageIDs
FOUND_UNVERIFIED_BINARY
found unverified binary: ${props.binary}
You need to verify checksum of the executable binary.
This rule found a unverified binary. Unverified binary is next definition.
- Do
chmod +x binary
- And the binary is not verified by
checksum
command
This rule aims to found untrusted binary that is downloaded by curl
or wget
.
As a results, It will prevent Supply-chain attack via untrusted binary.
verify-checksum-cheatsheet helps you how to verify the binary.
Manual Verify
This rule report some false-positive, So You can verify the binary by comment.
This rule ignore the error if following comment is found around chmod
.
# {binary} is verified
For example, You can verify the jq
binary by a comment.
# jq is verified
chmod 755 jq
or
chmod 755 jq # jq is verified
Options
allowBinaryNames: string[]
- Allows a list of binary name
- For example,
["jq"]
Changelog
See Releases page.
Changelog
See Releases page.
Running tests
Install devDependencies and Run npm test
:
npm test
Contributing
Pull requests and stars are always welcome.
For bugs and feature requests, please create an issue.
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature
- Commit your changes:
git commit -am 'Add some feature'
- Push to the branch:
git push origin my-new-feature
- Submit a pull request :D
Author
License
MIT © azu