No release in over a year
Gem to verify the integrity of packages installed via Bundler. It detects packages that were tampered with or replaced, including via cache poisoning. Add it to your Gemfile and run bundle exec bundler-integrity.

Bundler Integrity

This is a gem that runs Bundler checksum integrity checks against the RubyGems API.

It detects packages that were tampered with or replaced, including via cache poisoning.

It uses correct SHA checksums from the RubyGems API, so if anything happened "in between" it should be detected.

No warranties whatsoever.

Usage

For local use, you can add bundler-integrity to your Gemfile (recommended):

bundle add bundler-integrity
bundle install
# And run this to verify integrity of your local installation
bundle exec bundler-integrity


Exporting data

You can also export the expected checksums together with the gem package names, so you can compare them on multiple servers without having to install this package everywhere.

To do so, install bundler-integrity on one of the machines as stated above and run:

bundle exec bundler-integrity export

to get a list of all the expected checksums for all the packages.
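
One way to use an exported list on a server that does not have bundler-integrity installed, as an added example that is not part of the gem or its README. The README does not show the export format, so the example assumes one "<gem file name> <sha256 hex>" pair per line; parse_manifest, verify_gem_cache and demo_report are hypothetical names, and the .gem files are constructed sample data.

```ruby
require "digest"
require "tmpdir"

# ASSUMED export format (not confirmed by the README):
# one "<gem file name> <sha256 hex>" pair per line, '#' starts a comment.
def parse_manifest(text)
  lines = text.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?("#") }
  lines.to_h do |line|
    name, sha = line.split(/\s+/, 2)
    # Fail closed on anything that is not a full SHA-256 hex digest.
    raise ArgumentError, "malformed line: #{line.inspect}" unless sha&.match?(/\A\h{64}\z/)
    [name, sha.downcase]
  end
end

# Hash every *.gem file in cache_dir and compare it with the manifest.
# mismatch = content differs from the export, unlisted = file the export
# does not know about, missing = listed in the export but not on disk.
def verify_gem_cache(cache_dir, manifest)
  report = { ok: [], mismatch: [], unlisted: [], missing: [] }
  names = Dir.glob(File.join(cache_dir, "*.gem")).map { |p| File.basename(p) }.sort
  names.each do |name|
    expected = manifest[name]
    actual = Digest::SHA256.file(File.join(cache_dir, name)).hexdigest
    bucket = if expected.nil? then :unlisted
             elsif actual == expected then :ok
             else :mismatch
             end
    report[bucket] << name
  end
  report[:missing] = (manifest.keys - names).sort
  report
end

# Constructed sample data: three fake .gem files and a three-line export.
def demo_report
  Dir.mktmpdir do |dir|
    File.binwrite(File.join(dir, "alpha-1.0.0.gem"), "alpha contents")
    File.binwrite(File.join(dir, "beta-2.1.0.gem"), "beta contents, modified after export")
    File.binwrite(File.join(dir, "gamma-0.3.0.gem"), "not in the export")
    manifest = parse_manifest(<<~EXPORT)
      alpha-1.0.0.gem #{Digest::SHA256.hexdigest("alpha contents")}
      beta-2.1.0.gem #{Digest::SHA256.hexdigest("beta contents")}
      delta-4.0.0.gem #{Digest::SHA256.hexdigest("delta contents")}
    EXPORT
    verify_gem_cache(dir, manifest)
  end
end

puts demo_report.inspect if $PROGRAM_NAME == __FILE__
```

Treat any non-empty mismatch or unlisted bucket as a failed check; a missing entry only means that gem is not cached on this machine.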

Created by

Maciej Mensfeld and WhiteSource :)