clearhash@verifier — v0.1 · MIT · ● ready

supply-chain integrity verifier — rebuild every package, compare every byte, block every tamper.

==>

clearhash info · case CLH-26

classification
open · public · MIT
subject
Supply-chain integrity (npm · PyPI · Cargo)
method
rebuild ✕ compare against attested source commit
rate-limit
30 req/min global, /inspect endpoint
==>

inspect a package

$clearhash verify
[WARN]no attestation on fileThe CLI's verify refuses to rebuild this artifact without --allow-unattested.
packagenpm:left-pad@1.3.0
registry sha-256
noteThis package has no SLSA attestation. The CLI's verify refuses to rebuild it without --allow-unattested.

==> json · GET /api/inspect?package=npm:left-pad@1.3.0