Npmjs.org and GitHub 2.3.0 release packages checksum differs #93
Comments
|
The archive between npm and GitHub is not guaranteed to match. They don't use the exact same archive. |
|
As for the virus alert. That is a false-positive. You will have to report that to your anti-virus vendor. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Npmjs.org and GitHub 2.3.0 release packages checksum differs.
Our firewall virus scanner started flagging for https://registry.npmjs.org/clipboardy/-/clipboardy-2.3.0.tgz clipboard_i686.exe on May 31th:
Checked the checksum:
$ wget -O github_clipboardy-2.3.0.tgz https://github.com/sindresorhus/clipboardy/archive/refs/tags/v2.3.0.tar.gz
$ wget -O npmjsorg_clipboardy-2.3.0.tgz https://registry.npmjs.org/clipboardy/-/clipboardy-2.3.0.tgz
$ sha256sum npmjsorg_clipboardy-2.3.0.tgz
9e80e29dabb1ee5690905227970d3e3be4cf6330b542cc0571e4cd1a2bf279f4 npmjsorg_clipboardy-2.3.0.tgz
$ sha256sum github_clipboardy-2.3.0.tgz
4712cf7cfaa04ac65d1e0529ea0e67a02de210ffdbfe01af39390c18cd882aab github_clipboardy-2.3.0.tgz
The text was updated successfully, but these errors were encountered: