vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-06-28 01:13:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(release): lazy-load sigstore verification

Browse Source
This commit is contained in:
Vincent Koc
2026-06-19 19:57:41 +02:00
parent 583829a342
commit 2b0a72bb48
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
scripts/openclaw-npm-postpublish-verify.ts
View File

@@ -24,7 +24,6 @@ import {
win32 as pathWin32,
} from "node:path";
import { pathToFileURL } from "node:url";
import { verify as verifySigstoreBundle } from "sigstore";
import { formatErrorMessage } from "../src/infra/errors.ts";
import { BUNDLED_RUNTIME_SIDECAR_PATHS } from "../src/plugins/runtime-sidecar-paths.ts";
import { readBoundedResponseText } from "./lib/bounded-response.ts";
@@ -278,7 +277,8 @@ async function verifySigstoreNpmProvenanceBundle(
bundle: unknown,
policy: NpmProvenanceVerificationPolicy,
): Promise<void> {
await verifySigstoreBundle(bundle as Parameters<typeof verifySigstoreBundle>[0], policy);
const sigstore = require("sigstore") as { verify: VerifyNpmProvenanceBundle };
await sigstore.verify(bundle, policy);
}
export async function verifyNpmProvenanceAttestation(params: {