Use of sha1 and md5 in integrity of package in yarn.lock


Since the MD2, MD5 and SHA-1 hashing mechanisms are deprecated in iOS 13 and are not considered safe, why are we having them in the integrity field of dependencies in the yarn.lock file?

"@types/redux-thunk@^2.1.0":
  version "2.1.0"
  resolved "https://registry.yarnpkg.com/@types/redux-thunk/-/redux-thunk-2.1.0........"
  integrity sha1-vCtulylhgxr7gq.......
  dependencies:
    redux-thunk "*"

Is it safe to use for development?


There is 1 best solution below


Why are we having [SHA1] in integrity in dependencies in the yarn.lock file?

Because not all packages have sha512 integrity hashes available. Newer packages do; older packages might not.

Is it safe to use for development?

Yes, I'd say so. I think it's very, very unlikely that anyone could concoct a malicious package file that would both be a valid package and have a SHA1 hash collision with the original.
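The `integrity` field in yarn.lock uses the Subresource Integrity (SRI) format, `<algorithm>-<base64 digest>`, the same format npm uses; a `sha1-` value means the registry metadata for that publication only carried the old SHA-1 shasum. For a practitioner the useful questions are which entries in a given lockfile rely on SHA-1 alone and whether a downloaded tarball actually matches its recorded hash. The script below is an added example written for this page; it is not code from the question, the answer, or yarn itself. It parses the v1 lockfile format, reports the strongest algorithm protecting each entry, and verifies tarball bytes against an SRI value the way an SRI-aware fetcher does (when several hashes are listed, only the strongest algorithm is consulted). The lockfile text, the package names, the URLs and the "tarball" bytes are constructed so it runs offline; the hashes are computed from those bytes. One point worth keeping in mind when reading the answer above: what an attacker would need to defeat a recorded `sha1-` value is a second preimage (a different tarball with the same hash as the existing one), which is a harder problem than the chosen-prefix collisions that have been demonstrated against SHA-1, and no practical second-preimage attack on SHA-1 is known.

```python
"""Audit and verify SRI `integrity` values in a yarn.lock (v1 format).

Added example, not code from the original post or from yarn itself.
The lockfile text and the tarball bytes are constructed so the example
runs offline; every hash in the sample lockfile is computed from them.
"""
import base64
import hashlib
import re

# Strength ranking from the SRI spec: when an integrity string lists several
# hashes, only those using the strongest supported algorithm are consulted.
SRI_STRENGTH = {"sha1": 1, "sha256": 2, "sha384": 3, "sha512": 4}

# One SRI token: `<alg>-<base64 digest>` (base64 may contain +, / and =).
SRI_TOKEN = re.compile(r"^(sha1|sha256|sha384|sha512)-([A-Za-z0-9+/]+=*)$")

# Constructed stand-ins for the real .tgz downloads, keyed by file name.
FAKE_TGZ = {
    "redux-thunk-2.1.0.tgz": b"\x1f\x8b" + b"constructed @types/redux-thunk tarball",
    "redux-thunk-2.3.0.tgz": b"\x1f\x8b" + b"constructed redux-thunk tarball",
}


def sri_for(data: bytes, alg: str = "sha512") -> str:
    """Return the SRI string `<alg>-<base64 digest>` for `data`."""
    if alg not in SRI_STRENGTH:
        raise ValueError(f"unsupported SRI algorithm: {alg}")
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def parse_sri(integrity: str) -> list[tuple[str, bytes]]:
    """Split a (possibly multi-hash) SRI value into (alg, raw digest) pairs."""
    pairs = []
    for token in integrity.split():
        m = SRI_TOKEN.match(token)
        if m is None:
            continue  # unknown algorithm or malformed token: ignored, as in SRI
        pairs.append((m.group(1), base64.b64decode(m.group(2))))
    return pairs


def verify_sri(data: bytes, integrity: str) -> bool:
    """Check `data` against an SRI value; the strongest listed algorithm decides."""
    pairs = parse_sri(integrity)
    if not pairs:
        return False  # nothing usable to check against: fail closed
    strongest = max(SRI_STRENGTH[alg] for alg, _ in pairs)
    return any(
        hashlib.new(alg, data).digest() == expected
        for alg, expected in pairs
        if SRI_STRENGTH[alg] == strongest
    )


def parse_yarn_lock(text: str) -> dict[str, dict[str, str]]:
    """Minimal yarn.lock v1 reader: top-level entries and their scalar fields.

    Nested maps such as `dependencies:` are skipped; an integrity audit only
    needs `version`, `resolved` and `integrity`.
    """
    entries: dict[str, dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:
            # Entry header, e.g. `"@types/redux-thunk@^2.1.0":` or `a@*, a@^1:`
            current = line.rstrip().rstrip(":").strip().strip('"')
            entries[current] = {}
        elif indent == 2 and current is not None:
            key, _, value = line.strip().partition(" ")
            if value:  # `dependencies:` has no value and starts a nested map
                entries[current][key] = value.strip().strip('"')
    return entries


def audit_integrity(text: str) -> dict[str, str]:
    """Map each lockfile entry to the strongest algorithm protecting it ("none" if unparseable)."""
    result = {}
    for key, fields in parse_yarn_lock(text).items():
        pairs = parse_sri(fields.get("integrity", ""))
        result[key] = (
            max((alg for alg, _ in pairs), key=SRI_STRENGTH.__getitem__) if pairs else "none"
        )
    return result


def weak_entries(text: str) -> list[str]:
    """Entries whose only protection is SHA-1, or which carry no usable hash."""
    return sorted(k for k, alg in audit_integrity(text).items() if alg in ("sha1", "none"))


def verify_lockfile(text: str, fetch) -> dict[str, bool]:
    """Fetch every entry's tarball via `fetch(resolved_url)` and verify it."""
    return {
        key: verify_sri(fetch(fields["resolved"]), fields.get("integrity", ""))
        for key, fields in parse_yarn_lock(text).items()
    }


def fake_fetch(url: str) -> bytes:
    """Stand-in for downloading a tarball: look it up by file name."""
    return FAKE_TGZ[url.rsplit("/", 1)[1]]


# Constructed yarn.lock: the first entry mirrors the question's SHA-1-only
# form, the second carries the sha512 value newer registry metadata provides.
SAMPLE_YARN_LOCK = f'''\
# yarn lockfile v1


"@types/redux-thunk@^2.1.0":
  version "2.1.0"
  resolved "https://registry.yarnpkg.com/@types/redux-thunk/-/redux-thunk-2.1.0.tgz"
  integrity {sri_for(FAKE_TGZ["redux-thunk-2.1.0.tgz"], "sha1")}
  dependencies:
    redux-thunk "*"

redux-thunk@*, redux-thunk@^2.3.0:
  version "2.3.0"
  resolved "https://registry.yarnpkg.com/redux-thunk/-/redux-thunk-2.3.0.tgz"
  integrity {sri_for(FAKE_TGZ["redux-thunk-2.3.0.tgz"], "sha512")}
'''


if __name__ == "__main__":
    print("strongest algorithm per entry:", audit_integrity(SAMPLE_YARN_LOCK))
    print("SHA-1-only entries:", weak_entries(SAMPLE_YARN_LOCK))
    print("verification:", verify_lockfile(SAMPLE_YARN_LOCK, fake_fetch))
    tampered = FAKE_TGZ["redux-thunk-2.3.0.tgz"] + b"\x00"
    print("tampered tarball accepted?", verify_sri(tampered, sri_for(FAKE_TGZ["redux-thunk-2.3.0.tgz"])))
```

Point the parser at a real yarn.lock and `weak_entries` gives the list of packages whose download is checked with SHA-1 only; `verify_lockfile` with a real HTTP fetch in place of `fake_fetch` re-checks the tarballs outside of yarn. The multi-hash rule in `verify_sri` matters when an entry lists both `sha1-` and `sha512-` values: a tarball that matches the SHA-1 digest but not the SHA-512 one is rejected.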