Use npm Audit Signatures

JFrog Artifactory Documentation

Starting from version 7.83.1, Artifactory supports npm Audit Signatures, a mechanism that applies and verifies artifact signatures using ECDSA key pairs.

When ECDSA auto signing is enabled on a local repository, Artifactory creates a signature for each package, which allows you to verify its origins using the npm client. You can verify the integrity of your packages using the following CLI command:

npm audit signatures

When you execute this command, Artifactory responds with a count of the total number of packages in your repository that are signed.
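
What the npm client checks for each package during this audit, shown as an added example (not JFrog's or npm's code). It assumes the npm registry signature format, in which the signed message is `name@version:integrity` and the public key is published as base64 DER SPKI; the key pair, package name and integrity value are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed stand-in for the repository's ECDSA (P-256) signing key pair.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const spki = publicKey.export({ type: 'spki', format: 'der' });

// One entry of the registry's published key list: keyid is the SHA-256 fingerprint of the SPKI key.
const trustedKeys = [{
  keyid: 'SHA256:' + nodeCrypto.createHash('sha256').update(spki).digest('base64'),
  key: spki.toString('base64'),
}];

// The signed message binds the package identity to its tarball hash.
const message = (m) => Buffer.from(`${m.name}@${m.version}:${m.dist.integrity}`);

// Registry side: attach a signature to a version manifest (what auto signing produces).
function signManifest(m) {
  const sig = nodeCrypto.sign('sha256', message(m), privateKey).toString('base64');
  return { ...m, dist: { ...m.dist, signatures: [{ keyid: trustedKeys[0].keyid, sig }] } };
}

// Client side: classify one manifest as verified, invalid, missing or unknown-key.
function verifyManifest(m, keys) {
  const sigs = (m.dist && m.dist.signatures) || [];
  if (sigs.length === 0) return 'missing';
  for (const s of sigs) {
    const k = keys.find((c) => c.keyid === s.keyid);
    if (!k) continue; // signature made with a key that is not in the trusted list
    const pub = nodeCrypto.createPublicKey({ key: Buffer.from(k.key, 'base64'), format: 'der', type: 'spki' });
    return nodeCrypto.verify('sha256', message(m), pub, Buffer.from(s.sig, 'base64')) ? 'verified' : 'invalid';
  }
  return 'unknown-key';
}

// Constructed manifest; the integrity value is a placeholder, not a real tarball hash.
const signed = signManifest({ name: 'example-pkg', version: '1.0.0', dist: { integrity: 'sha512-CONSTRUCTED' } });
// Same signature, different tarball hash: the check must fail.
const tampered = { ...signed, dist: { ...signed.dist, integrity: 'sha512-SWAPPED' } };

console.log(verifyManifest(signed, trustedKeys));
console.log(verifyManifest(tampered, trustedKeys));
```

Because the integrity hash is part of the signed message, a package whose tarball is replaced after signing no longer verifies, even though its name and version are unchanged.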