Skip to content

🚀 Feature Request: Validate DID prior to installing new package #440

New issue
New issue
Open
Feature
Open
🚀 Feature Request: Validate DID prior to installing new package#440
Feature
@johnbillion

Description

@johnbillion
johnbillion
opened on Feb 14, 2026

Describe the problem that needs this feature

During a plugin or theme update, the DID contained in the header of the incoming package isn't validated. This means it's possible for:

  • A plugin or theme author to accidentally change or remove their DID (copy paste mistake, truncation, removal, etc) and permanently break all future updates.
  • An attacker to do the same, for example via a pull request that changes the DID and goes unnoticed.

Describe the solution you'd like

FAIR Connect should validate the DID of the incoming package. This needs to happen after the package is extracted but before it's put into place.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    Feature

    Projects

    FAIR Milestone Tracking

    Status

    In Progress

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions