Don't just check signatures. Rebuild the source.

ClearHash fetches a package, verifies its SLSA attestation through Sigstore + Rekor, rebuilds it from the attested source commit in a Docker container, and compares the rebuilt file tree against the registry artifact. If anything differs, the install is blocked.

Live demo

A real verify run against npm:sigstore@2.3.1 — full pipeline in ~36 seconds (shown at 4× playback).

[Recording: verify demo]

What it catches

The supply-chain attacks of the last five years (event-stream, ua-parser-js, the post-install crypto-wallet stealers, xz-utils) all share one shape: the registry tarball diverges from the source repo. Existing tools verify who signed the tarball or that the tarball matches itself across mirrors — but not whether the tarball is what the source code would produce. ClearHash does the rebuild and the comparison.

Sigstore + Rekor

Verifies the SLSA attestation envelope, extracts the Fulcio-issued leaf cert, cross-checks the workflow URI against the attested source repo, and confirms a Rekor transparency-log entry.

Real rebuild

Clones the attested commit, pins HEAD, runs the ecosystem's build script (npm ci + npm pack) in a Docker container — with --ignore-scripts to block lifecycle hooks.
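A minimal version of that rebuild step, written here as an added example rather than taken from ClearHash's Rust implementation. It pins the checkout to a full commit id (a tag or branch can be moved after the attestation was issued), runs the build inside a throwaway container with capabilities dropped, and passes --ignore-scripts to both npm ci and npm pack so no lifecycle hook from the package under test executes. The image tag, the flag set and the single-ecosystem recipe table are assumptions of this example, not project settings.

```python
import re
import subprocess
from pathlib import Path

# Per-ecosystem build recipe. Only npm is described on the page; the image tag is an assumption.
BUILD_RECIPES = {
    "npm": {
        "image": "node:20-slim",
        # --ignore-scripts on both commands so neither install nor pack can run lifecycle hooks
        "script": "npm ci --ignore-scripts && npm pack --ignore-scripts",
    },
}

FULL_SHA = re.compile(r"[0-9a-f]{40}")


def is_full_commit_sha(ref):
    """Only a full 40-hex commit id is accepted: tags and branches are mutable after attestation."""
    return bool(FULL_SHA.fullmatch(ref))


def git(workdir, *args):
    """Run one git command in workdir and return its stripped stdout."""
    result = subprocess.run(["git", "-C", str(workdir), *args],
                            check=True, capture_output=True, text=True)
    return result.stdout.strip()


def checkout_pinned(repo_url, commit_sha, workdir):
    """Clone without checking out, detach HEAD at the attested commit, and confirm it landed there."""
    if not is_full_commit_sha(commit_sha):
        raise ValueError(f"refusing to build from non-commit ref {commit_sha!r}")
    subprocess.run(["git", "clone", "--no-checkout", repo_url, str(workdir)], check=True)
    git(workdir, "checkout", "--detach", commit_sha)
    head = git(workdir, "rev-parse", "HEAD")
    if head != commit_sha:
        raise RuntimeError(f"HEAD is {head}, expected {commit_sha}")
    return head


def docker_build_argv(workdir, ecosystem):
    """Argument vector for the sandboxed build; the source tree is the only host path mounted."""
    recipe = BUILD_RECIPES[ecosystem]
    return [
        "docker", "run", "--rm",
        "--cap-drop", "ALL",                      # no capabilities inside the build container
        "--security-opt", "no-new-privileges",
        "-v", f"{Path(workdir).resolve()}:/src",  # checked-out source, and nothing else
        "-w", "/src",
        recipe["image"], "sh", "-c", recipe["script"],
    ]


def rebuild(repo_url, commit_sha, workdir, ecosystem="npm"):
    """Clone, pin, build in Docker, and return the packed tarball ready for file-tree comparison."""
    workdir = Path(workdir)
    checkout_pinned(repo_url, commit_sha, workdir)
    subprocess.run(docker_build_argv(workdir, ecosystem), check=True)
    tarballs = sorted(workdir.glob("*.tgz"))
    if len(tarballs) != 1:
        raise RuntimeError(f"expected exactly one packed tarball, found {tarballs}")
    return tarballs[0]
```

Running rebuild() needs git, a Docker daemon and network access for npm ci; the command assembly and commit-id validation run without any of those, which is what makes the safety properties easy to unit-test.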

File-tree compare

Normalizes both archives (strips mtimes, scrubs npm-injected metadata), Merkle-hashes the file trees, and surfaces per-file diffs on mismatch.
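An added illustration of the normalize-then-Merkle-hash comparison, not ClearHash's own code. It reads two npm-style tarballs, hashes file contents only (so mtimes, owners and member order cannot cause a mismatch), scrubs a set of package.json keys assumed here to be tooling-injected, computes a git-style tree hash per directory, and returns a per-file diff when the roots disagree. The tarballs and their contents are constructed fixtures; the scrub list and the package/ prefix handling are assumptions of this example.

```python
import hashlib
import io
import json
import tarfile

# package.json keys assumed here to be injected by npm tooling rather than authored in the repo.
SCRUBBED_PACKAGE_JSON_KEYS = {"gitHead", "_id", "_integrity", "_resolved", "_from"}


def scrub_package_json(data):
    """Drop tooling-injected keys and re-serialize canonically so key order cannot cause a diff."""
    obj = json.loads(data)
    for key in SCRUBBED_PACKAGE_JSON_KEYS:
        obj.pop(key, None)
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def normalize_tree(tar_bytes):
    """Return {relative path: sha256 of content}; mtime, uid/gid and member order are not hashed."""
    tree = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf:
            if not member.isfile():
                continue
            path = member.name
            if path.startswith("package/"):  # npm tarballs prefix every entry with package/
                path = path[len("package/"):]
            data = tf.extractfile(member).read()
            if path == "package.json":
                data = scrub_package_json(data)
            tree[path] = hashlib.sha256(data).hexdigest()
    return tree


def merkle_root(tree, prefix=""):
    """Git-style tree hash: a directory's hash covers its sorted entries (kind, name, child hash)."""
    entries = {}
    for path in tree:
        if path.startswith(prefix):
            name, _, rest = path[len(prefix):].partition("/")
            entries[name] = rest != ""  # True when the entry is a subdirectory
    h = hashlib.sha256()
    for name in sorted(entries):
        if entries[name]:
            kind, child = "tree", merkle_root(tree, prefix + name + "/")
        else:
            kind, child = "blob", tree[prefix + name]
        h.update(f"{kind}\0{name}\0{child}\n".encode())
    return h.hexdigest()


def compare_trees(registry, rebuilt):
    """Per-file diff: paths only the registry has, paths only the rebuild has, and changed content."""
    return {
        "only_in_registry": sorted(set(registry) - set(rebuilt)),
        "only_in_rebuilt": sorted(set(rebuilt) - set(registry)),
        "changed": sorted(p for p in registry.keys() & rebuilt.keys() if registry[p] != rebuilt[p]),
    }


def verify(registry_tar, rebuilt_tar):
    """(True, empty diff) when the Merkle roots agree, otherwise (False, per-file diff)."""
    reg, reb = normalize_tree(registry_tar), normalize_tree(rebuilt_tar)
    return merkle_root(reg) == merkle_root(reb), compare_trees(reg, reb)


def make_tarball(files, mtime):
    """Constructed fixture: an npm-style tar.gz with every entry under package/."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, content in files.items():
            info = tarfile.TarInfo("package/" + path)
            info.size, info.mtime = len(content), mtime
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed stand-in for what a rebuild from the attested commit produces.
SOURCE_FILES = {
    "package.json": b'{"name": "demo-pkg", "version": "1.0.0", "main": "lib/index.js"}',
    "lib/index.js": b"module.exports = () => 'hello';\n",
}


def demo_clean():
    """Registry copy differs only in mtime, key order and an injected gitHead: must verify OK."""
    registry_files = dict(SOURCE_FILES)
    registry_files["package.json"] = (b'{"gitHead": "0000000000000000000000000000000000000000", '
                                      b'"main": "lib/index.js", "name": "demo-pkg", "version": "1.0.0"}')
    return verify(make_tarball(registry_files, mtime=1_700_000_000), make_tarball(SOURCE_FILES, mtime=0))


def demo_tampered():
    """Registry copy carries a file the source never produced: must fail with a per-file diff."""
    registry_files = dict(SOURCE_FILES)
    registry_files["lib/unexpected.js"] = b"// not present in the attested source\n"
    return verify(make_tarball(registry_files, mtime=1_700_000_000), make_tarball(SOURCE_FILES, mtime=0))
```

Hashing per directory rather than over a flat sorted list means the root changes whenever a file is added, removed, renamed or moved between directories, while compare_trees turns that single mismatch into the list of paths a reviewer actually needs.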

Install the CLI

git clone https://github.com/Builder106/ClearHash.git
cd ClearHash
cargo install --path crates/clearhash-cli

clearhash verify npm:sigstore@2.3.1

The full verify pipeline needs a running Docker daemon (Docker Desktop or OrbStack on macOS). The /inspect endpoint on this site runs the fetch + attestation parse parts without Docker.

API

Programmatic access to the inspect endpoint:

$ curl 'https://clear-hash.vercel.app/api/inspect?package=npm:sigstore@2.3.1'
{
  "package": "npm:sigstore@2.3.1",
  "registry_sha256": "1b5041a35f86125db7f872742502470753fd2e1109521b7dbff8a61d229a03c2",
  "attestation": {
    "source_repo": "git+https://github.com/sigstore/sigstore-js@refs/heads/main",
    "commit_sha": "46e7056ff9912ebfee5298d94024895a9fea76c0",
    "builder_id": "https://github.com/actions/runner/github-hosted",
    "issuer_dn": "O=sigstore.dev, CN=sigstore-intermediate",
    "workflow_uri": "https://github.com/sigstore/sigstore-js/.github/workflows/release.yml@refs/heads/main",
    "rekor_log_index": 94408136
  }
}
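An added example, not part of ClearHash, that consumes the inspect response above and applies the cross-checks the Sigstore + Rekor section describes: the workflow URI must live in the attested source repo under .github/workflows/, the builder must be on an allow-list, the commit must be a full 40-hex id, and a Rekor log index must be present. The signature and transparency-log verification themselves are not reproduced here; only the consistency checks on the parsed fields are. The TRUSTED_BUILDERS allow-list and the rule that the workflow ref must equal the source ref are assumptions of this example.

```python
import json
import re
from urllib.parse import quote, urlsplit
from urllib.request import urlopen

INSPECT_URL = "https://clear-hash.vercel.app/api/inspect?package="

# Response copied from the /api/inspect example on the page, used as offline sample input.
SAMPLE_INSPECT = {
    "package": "npm:sigstore@2.3.1",
    "registry_sha256": "1b5041a35f86125db7f872742502470753fd2e1109521b7dbff8a61d229a03c2",
    "attestation": {
        "source_repo": "git+https://github.com/sigstore/sigstore-js@refs/heads/main",
        "commit_sha": "46e7056ff9912ebfee5298d94024895a9fea76c0",
        "builder_id": "https://github.com/actions/runner/github-hosted",
        "issuer_dn": "O=sigstore.dev, CN=sigstore-intermediate",
        "workflow_uri": "https://github.com/sigstore/sigstore-js/.github/workflows/release.yml@refs/heads/main",
        "rekor_log_index": 94408136,
    },
}

# Builder identities this example trusts; an assumed allow-list, not ClearHash policy.
TRUSTED_BUILDERS = {"https://github.com/actions/runner/github-hosted"}


def fetch_inspect(package):
    """Call the live endpoint (network access; the page states a global 30 requests/minute limit)."""
    with urlopen(INSPECT_URL + quote(package, safe=":@"), timeout=30) as resp:
        return json.load(resp)


def split_github_ref(uri):
    """Split 'https://github.com/org/repo[/path]@ref' into ('github.com/org/repo', path, ref)."""
    url, _, ref = uri.partition("@")
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    if parts.scheme != "https" or parts.netloc != "github.com" or len(segments) < 2:
        raise ValueError(f"not a github.com repository URI: {uri}")
    repo = "/".join([parts.netloc, segments[0], segments[1].removesuffix(".git")])
    return repo, "/".join(segments[2:]), ref or None


def check_attestation(att):
    """Return a list of findings; an empty list means the attested fields are mutually consistent."""
    findings = []
    src = att.get("source_repo", "")
    if not src.startswith("git+"):
        return [f"source_repo is not a git+ URI: {src!r}"]
    src_repo, _, src_ref = split_github_ref(src[len("git+"):])
    wf_repo, wf_path, wf_ref = split_github_ref(att.get("workflow_uri", ""))
    if wf_repo != src_repo:
        findings.append(f"workflow repo {wf_repo} is not the attested source repo {src_repo}")
    if not wf_path.startswith(".github/workflows/"):
        findings.append(f"workflow path {wf_path!r} is outside .github/workflows/")
    if src_ref and wf_ref and src_ref != wf_ref:
        findings.append(f"workflow ref {wf_ref} differs from source ref {src_ref}")
    if att.get("builder_id") not in TRUSTED_BUILDERS:
        findings.append(f"builder {att.get('builder_id')!r} is not on the allow-list")
    if not re.fullmatch(r"[0-9a-f]{40}", att.get("commit_sha", "")):
        findings.append("commit_sha is not a full 40-hex commit id")
    if not isinstance(att.get("rekor_log_index"), int):
        findings.append("no Rekor log index, so inclusion in the transparency log cannot be checked")
    return findings


def check_inspect(doc):
    """Findings for a whole inspect response, including the registry digest's shape."""
    findings = check_attestation(doc.get("attestation", {}))
    if not re.fullmatch(r"[0-9a-f]{64}", doc.get("registry_sha256", "")):
        findings.append("registry_sha256 is not a SHA-256 hex digest")
    return findings


if __name__ == "__main__":
    for finding in check_inspect(SAMPLE_INSPECT) or ["attested fields are consistent"]:
        print(finding)
```

A workflow URI pointing at a different repository than the attested source is the case these checks exist for: a valid Sigstore signature from a fork's workflow would otherwise pass signature verification while building from code nobody reviewed.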

Rate-limited to 30 requests/minute globally. For higher throughput, run the CLI locally.