You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As discussed in #24 the openam-ui-ria project pulls in an NPM installer via a Maven plugin. We need a way to verify the NPM installer we downloaded.
This might require adding functionality to the com.github.eirslett:frontend-maven-plugin plugin. NPM provides a list with hashes of the installers (SHASUMS256.txt) and has also signed this list (SHASUMS256.txt.asc).
The text was updated successfully, but these errors were encountered:
@Kortanul Didn't mean to imply you should take it on ;-). The FYI was more about this is something that is also of value for IDM and so that you are aware of this "hole" in our verification process.
As discussed in #24 the
openam-ui-ria
project pulls in an NPM installer via a Maven plugin. We need a way to verify the NPM installer we downloaded.This might require adding functionality to the
com.github.eirslett:frontend-maven-plugin
plugin. NPM provides a list with hashes of the installers (SHASUMS256.txt
) and has also signed this list (SHASUMS256.txt.asc
).The text was updated successfully, but these errors were encountered: