Improve hash support #25
Comments
Hi there! I am also having a problem with hash support that I think is related to this issue. When I use the Edit: It appears that in Node Engine v15, the NPM version inside changed which includes a new package-lock.json format. The |
Additionally, it looks like the hashes included come from the |
this feature was implemented in the NPM flavour of this package: |
Hash support needs serious improvement. It appears that hashes are derived from the package itself, rather than calculating them. If the package didn't have a hash, it doesn't show up in the resulting bom. In addition, if a component's package does have a hash, it's rare that it will contain more than one (sha1, sha-512, but not both for example).
Need to investigate the ability to generate all supported hashes for packages and ensure that unmodified packages have the same hash value as stated in the package manifest. If a hash is generated that doesn't match what's in the package, then flip the `modified` element to true.
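
One way to do what the issue proposes, as an added example that is not part of the issue or the project's code: hash the package bytes with each algorithm, then compare against the SRI-format `integrity` value from `package-lock.json` to decide `modified`. The function names, the algorithm list and the sample bytes are assumptions made for illustration.

```javascript
// Added example; function and variable names are hypothetical.
const crypto = require('crypto');

// CycloneDX hash "alg" name -> Node.js digest name.
const ALGORITHMS = { 'SHA-1': 'sha1', 'SHA-256': 'sha256', 'SHA-384': 'sha384', 'SHA-512': 'sha512' };

// Build an SRI string such as "sha512-<base64>" (used for the constructed sample).
function sri(nodeAlg, data) {
  return `${nodeAlg}-${crypto.createHash(nodeAlg).update(data).digest('base64')}`;
}

// Parse a package-lock.json "integrity" value (one or more space-separated
// SRI entries) into [{ nodeAlg, hex }], skipping malformed entries.
function parseIntegrity(integrity) {
  return String(integrity || '').split(/\s+/).flatMap((entry) => {
    const dash = entry.indexOf('-');
    if (dash <= 0) return [];
    const b64 = entry.slice(dash + 1).split('?')[0]; // drop SRI options
    return [{ nodeAlg: entry.slice(0, dash).toLowerCase(), hex: Buffer.from(b64, 'base64').toString('hex') }];
  });
}

// Hash the package bytes with every supported algorithm and compare the
// result with whatever the manifest declared.
function hashComponent(tarball, integrity) {
  const computed = new Map();
  const hashes = Object.entries(ALGORITHMS).map(([alg, nodeAlg]) => {
    const content = crypto.createHash(nodeAlg).update(tarball).digest('hex');
    computed.set(nodeAlg, content);
    return { alg, content };
  });
  const declared = parseIntegrity(integrity).filter((d) => computed.has(d.nodeAlg));
  return {
    hashes, // always all four, even when the manifest declared one or none
    verified: declared.length > 0, // false: nothing comparable was declared
    modified: declared.some((d) => d.hex !== computed.get(d.nodeAlg)),
  };
}

// Constructed sample: stand-in bytes for a package tarball.
const original = Buffer.from('constructed sample package contents');
const lockIntegrity = sri('sha512', original);
const tampered = Buffer.concat([original, Buffer.from('!')]);
console.log(hashComponent(original, lockIntegrity).modified);
console.log(hashComponent(tampered, lockIntegrity).modified);
```

A result with `verified: false` means the manifest declared no comparable hash, so `modified` stays `false` because nothing could be checked, not because the package was confirmed intact.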