Verify the registry.
Nipmod verifies packages by digest, signature, source tag, transparency log and external witness before they appear as verified.
Verified registry
Witnesses
Root hash
Quarantine
Yanked
Chain
What must pass
Signed bundles
Every listed package has a bundle signature.
Source tags
Verified packages bind a version tag to a Gitlawb commit.
Transparency
The checkpoint is witnessed outside the registry.
Quiet permissions
No listed package declares network, secrets, exec or install scripts.
No active quarantine
High-risk advisories and yanked releases block public readiness.
Pins
Current public roots
- Log: did:key:z6MkugeJcjgGhG1EpUMhhJ1Q5SoYn65T4cmiuBFE8E82TMyk (machine file)
- Witness: z6Mkv8WH...EkewWJ (machine file)
- Checkpoint: 3cc66da3292900a4ac482b2c301db5c6e0a00c2461847a29fec5275da7f631cf (machine file)
- Installer: d5b06c973089dfda9ae2cb0234e54d1e6302eecf83bca2101d17569773f51ea0 (machine file)
- Release key: 49de8ed6bb670abcefc579534811a1f48c0e478f8427479e0ea05f839f96964e (machine file)
- Release artifact: nipmod-1.2.1.tgz (download artifact)
- Release signature: nipmod-1.2.1.tgz.sig (machine signature)
- Discovery: https://nipmod.com/.well-known/nipmod.json (machine file)
- Advisories: https://nipmod.com/advisories.json (machine file)
- Security: https://nipmod.com/security (security page)
- Security metadata: https://nipmod.com/.well-known/security.txt (machine file)