clearhash@verifier — v0.1 · MIT · ● ready

supply-chain integrity verifier — rebuild every package, compare every byte, block every tamper.

==>

clearhash info · case CLH-26

classification
open · public · MIT
subject
Supply-chain integrity (npm · PyPI · Cargo)
method
rebuild ✕ compare against attested source commit
rate-limit
30 req/min global, /inspect endpoint
==>

Don't just check signatures. Rebuild the source.

ClearHash fetches a package, verifies its SLSA attestation through Sigstore + Rekor, rebuilds it from the attested source commit in a Docker container, and compares the rebuilt file tree against the registry artifact. If anything differs, the install is blocked.

==>

exhibit A · live verify run · npm:sigstore@2.3.1

Full pipeline in ~36 seconds (shown at 4× playback). The fetch, the attestation parse, the Docker rebuild, the tree-diff — every step in the recording, in order.

clearhash verify npm:sigstore@2.3.1rec · 36s
verify demo
The rebuild reproduces the registry artifact byte-for-byte. MATCH — tree-hash logged.
  [1/5] Fetching sigstore from npm
        sha256: 1b5041a35f86125db7f872742502470753fd2e1109521b7dbff8a61d229a03c2
  [2/5] Verifying Sigstore attestation
        WARN clearhash_provenance: provenance: validated
        commit: 46e7056ff991  (workflow: github.com/sigstore/sigstore-js/.github/workflows/release.yml@refs/heads/main)
  [3/5] Spinning up rebuild container (node:20.11.1-bookworm-slim)
  [4/5] Rebuilding from source at commit 46e7056ff991
  [5/5] Comparing file trees

  ✓ MATCH npm:sigstore@2.3.1 tree-hash ec714016d7e4ce742f9aa23b6f16f19cb967bf82
==>

method of examination · what it catches, and how

The supply-chain attacks of the last five years (event-stream, ua-parser-js, the post-install crypto-wallet stealers, xz-utils) all share one shape: the registry tarball diverges from the source repo. Existing tools verify who signed the tarball, or that the tarball matches itself across mirrors — but not whether the tarball is what the source code would produce. ClearHash does the rebuild and the comparison.

step 1/3

Sigstore + Rekor

Verifies the SLSA attestation envelope, extracts the Fulcio-issued leaf cert, cross-checks the workflow URI against the attested source repo, and confirms a Rekor transparency-log entry.

rekor_log_index → 94,408,136
step 2/3

Real rebuild

Clones the attested commit, pins HEAD, runs the ecosystem's build script (npm ci + npm pack) in a Docker container — with --ignore-scripts to block lifecycle hooks.

commit_sha → 46e7056ff991…
step 3/3

File-tree compare

Normalises both archives (strips mtimes, scrubs npm-injected metadata), Merkle-hashes the file trees, and surfaces per-file diffs on mismatch.

tree_hash → ec714016d7e4ce74…
==>

install the CLI

The full verify pipeline needs a running Docker daemon (Docker Desktop or OrbStack on macOS). The /inspect endpoint on this site runs the fetch + attestation parse parts without Docker.

  $ git clone https://github.com/Builder106/ClearHash.git
  $ cd ClearHash
  $ cargo install --path crates/clearhash-cli

  $ clearhash verify npm:sigstore@2.3.1
==>

API · programmatic specimen request

Programmatic access to the inspect endpoint:

  $ curl 'https://clear-hash.vercel.app/api/inspect?package=npm:sigstore@2.3.1'
  {
    "package": "npm:sigstore@2.3.1",
    "registry_sha256": "1b5041a35f86125db7f872742502470753fd2e1109521b7dbff8a61d229a03c2",
    "attestation": {
      "source_repo": "git+https://github.com/sigstore/sigstore-js@refs/heads/main",
      "commit_sha": "46e7056ff9912ebfee5298d94024895a9fea76c0",
      "builder_id": "https://github.com/actions/runner/github-hosted",
      "issuer_dn": "O=sigstore.dev, CN=sigstore-intermediate",
      "workflow_uri": "https://github.com/sigstore/sigstore-js/.github/workflows/release.yml@refs/heads/main",
      "rekor_log_index": 94408136
    }
  }

Warning: rate-limited to 30 requests/minute globally. For higher throughput, run the CLI locally.