Use npm Audit Signatures

JFrog Artifactory Documentation

Starting from version 7.83.1, Artifactory supports npm Audit Signatures, a mechanism that applies and verifies artifact signatures using ECDSA key pairs.

When ECDSA auto signing is enabled on a local repository, Artifactory creates a signature for each package, which allows you to verify the package's origin using the npm client. You can verify the integrity of your packages using the following CLI command:

npm audit signatures

When you run this command, Artifactory responds with a count of the total number of packages in your repository that are signed.
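
The following is an added example, not code from JFrog or the npm client, that shows the kind of check behind `npm audit signatures`: an ECDSA P-256 signature over the string `name@version:integrity`, looked up by `keyid`. It assumes the repository's signatures follow the public npm registry layout (`dist.signatures` entries with `keyid` and `sig`); the key pair, package name, and keyid are constructed for the demo.

```javascript
const crypto = require('node:crypto');

// The string a registry signature covers: name@version:integrity.
function signedMessage(pkg) {
  return `${pkg.name}@${pkg.version}:${pkg.dist.integrity}`;
}

// Registry side (constructed stand-in): sign with ECDSA P-256 and SHA-256.
function signPackage(pkg, privateKey, keyid) {
  const sig = crypto.createSign('SHA256').update(signedMessage(pkg)).sign(privateKey, 'base64');
  return { ...pkg, dist: { ...pkg.dist, signatures: [{ keyid, sig }] } };
}

// Client side: find each signature's public key by keyid, then verify it.
function verifyPackage(pkg, registryKeys) {
  const sigs = (pkg.dist && pkg.dist.signatures) || [];
  if (sigs.length === 0) return 'missing';
  for (const { keyid, sig } of sigs) {
    const entry = registryKeys.find((k) => k.keyid === keyid);
    if (!entry) return 'unknown-key';
    const publicKey = crypto.createPublicKey({
      key: Buffer.from(entry.key, 'base64'), format: 'der', type: 'spki',
    });
    const ok = crypto.createVerify('SHA256').update(signedMessage(pkg)).verify(publicKey, sig, 'base64');
    if (!ok) return 'invalid';
  }
  return 'valid';
}

// Constructed sample data: a throwaway key pair and a fake package entry.
function sri(data) {
  return 'sha512-' + crypto.createHash('sha512').update(data).digest('base64');
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const keyid = 'SHA256:constructed-demo-key'; // placeholder label, not a real key id
  const key = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const registryKeys = [{ keyid, keytype: 'ecdsa-sha2-nistp256', key }];
  const pkg = { name: 'demo-pkg', version: '1.0.0', dist: { integrity: sri('constructed tarball') } };
  const signed = signPackage(pkg, privateKey, keyid);
  // Same signature, different tarball hash: the signature no longer matches.
  const tampered = { ...signed, dist: { ...signed.dist, integrity: sri('modified tarball') } };
  return {
    signed: verifyPackage(signed, registryKeys),
    tampered: verifyPackage(tampered, registryKeys),
    unsigned: verifyPackage(pkg, registryKeys),
    unknownKey: verifyPackage(signed, []),
  };
}
```

Because the signed string includes the integrity hash, replacing a tarball without re-signing shows up as an invalid signature, and a package with no `dist.signatures` entry is reported separately from one whose signature fails.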