The project is in a healthy, maintained state
Gem to verify integrity of packages installed via Bundler. It allows to detect packages that were tampered with or replaced via cache poison or replaced. Add it to your Gemfile and run bundle exec bundler-integrity.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
 Dependencies
 Project Readme

Bundler Integrity

This is a gem that runs Bundler checksum integrity checks against RubyGems API.

It allows to detect packages that were tampered with or replaced via cache poison or replaced.

It uses correct SHA checksums from the RubyGems API, so if anything happened "in between" it should be detected.

No warranties whatsoever.

Usage

For local you can add bundler-integrity to your gemfile (recommended):

bundle add bundler-integrity
bundle install
# And run this to verify integrity of your local installation
bundle exec bundler-integrity

demo shell example

Exporting data

You can also export the expected checksums with the gems package names, so you can compare that on multiple servers without having to install this package everywhere.

To do so, install bundler-integrity on one of the machines as stated above and run:

bundle exec bundler-integrity export

to get list of all the expected checksums for all the packages.

Created by

Maciej Mensfeld and WhiteSource :)