Identify Whether an npm Local Repository Uses ECDSA Signing

JFrog Artifactory Documentation

JFrog Artifactory
Content Type
User Guide

To identify whether your local repository has signing enabled, look for the signature in one of the packages in the repository.

You can view the signature for a package under the dist object in the package metadata JSON file, for example:

  "signatures": [{
    "keyid": "SHA256:{{SHA256_PUBLIC_KEY}}",
    "sig": "a312b7c3cb4a1b693e8ebac5ee1ca9cc01g2661c14381917dcb111517f72370809..."