diff --git a/lib/esbuild/npm_registry.ex b/lib/esbuild/npm_registry.ex index 2817bc0..1e352a5 100644 --- a/lib/esbuild/npm_registry.ex +++ b/lib/esbuild/npm_registry.ex @@ -18,18 +18,18 @@ defmodule Esbuild.NpmRegistry do "_id" => id, "dist" => %{ "integrity" => integrity, - "signatures" => [ - %{ - "keyid" => @public_key_id, - "sig" => signature - } - ], + "signatures" => signatures, "tarball" => tarball } } = fetch_file!("#{@base_url}/#{name}/#{version}") |> Jason.decode!() + %{"sig" => signature} = + signatures + |> Enum.find(fn %{"keyid" => keyid} -> keyid == @public_key_id end) || + raise "missing signature" + verify_signature!("#{id}:#{integrity}", signature) tar = fetch_file!(tarball)
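Review bot: The `Enum.find` callback in the added lookup has a single clause, `fn %{"keyid" => keyid} -> ... end`, so any entry in `signatures` without a `"keyid"` field raises `FunctionClauseError` before the pinned key is reached, and a matching entry without `"sig"` raises `MatchError`; both fail closed, but neither gives the intended "missing signature" error. Matching the whole shape in the predicate avoids this: `Enum.find(signatures, &match?(%{"keyid" => @public_key_id, "sig" => _}, &1)) || raise "missing signature for key #{@public_key_id}"`. Naming the expected key id in the message also makes a registry key rotation easy to tell apart from a truncated or tampered response. The enclosing function starts and ends outside the hunk, so `verify_signature!` is assumed to check against the pinned public key only; a short comment here should say that entries with other key ids are deliberately ignored rather than trusted.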