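Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.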
<a href="https://www.bestpractices.dev/projects/8721"><img src="https://www.bestpractices.dev/projects/8721/badge"></a>
Library, CLI, and GitHub Action for verifying hashes
https://github.com/sgammon/hashlock/blob/main/.github/CONTRIBUTING.md
https://github.com/sgammon/hashlock/blob/main/.github/DCO.md
https://github.com/sgammon/hashlock/blob/main/.github/CONTRIBUTORS.md
https://github.com/sgammon/hashlock/blob/main/.github/CODE_OF_CONDUCT.md
https://github.com/sgammon/hashlock/issues
Not applicable because it is a standalone tool with very little code.
https://github.com/sgammon/hashlock/security/policy
https://github.com/sgammon/hashlock/blob/main/README.md
Documentation is built automatically.
Site uses Typedoc which is i18n friendly
Not applicable because it reports through GitHub's interface or the CLI, or structured formats. Users can use their own output logger however they want.
No passwords on website
There is only one live version. Version support is governed by the security policy.
https://github.com/sgammon/hashlock/security/advisories
We use Prettier, eslint, and other tools.
Build system is Bun/TypeScript
Source maps are shipped with the package
No cross-dependencies (project modules)
Perfectly repeatable build via esbuild
Support for NPM
NPM automatically handles this
Local NPM repositories
https://github.com/sgammon/hashlock/network/dependencies
GitHub Dependency Review
Automatic updates with Dependabot
No deprecated methods used
Testing with Bun and Jest
Completed bugs have tests
Greater than 90% coverage
Built and checked at maximally strict settings
Not implementing sensitive routines like hashing or encryption
Cryptographic primitives (hashing) are strong and well supported
Supports all popular hash algorithms
Signed via Sigstore/SLSA
Tags are signed
Monitoring during CI runs and publishing
Network and sudo hardening in CI https://github.com/sgammon/hashlock/blob/main/.github/workflows/ci.build-test.yml
https://github.com/sgammon/hashlock/blob/main/.github/SECURITY.md
Sonar and CodeQL are listed in the repo
Not applicable (JavaScript)