Identify Whether an npm Local Repository Uses ECDSA Signing

JFrog Artifactory Documentation

Products
JFrog Artifactory
Content Type
User Guide
ft:sourceType
Paligo

To identify whether your local repository has signing enabled, look for the signature in one of the packages in the repository.

You can view the signature for a package under the dist object in the package metadata JSON file, for example:

"dist":{
  ..omitted..,
  "signatures": [{
    "keyid": "SHA256:{{SHA256_PUBLIC_KEY}}",
    "sig": "a312b7c3cb4a1b693e8ebac5ee1ca9cc01g2661c14381917dcb111517f72370809..."
  }],