MCPcopy
hub / github.com/larksuite/cli / verifyChecksum

Function verifyChecksum

scripts/install.js:288–311  ·  view source on GitHub ↗
(archivePath, expectedHash)

Source from the content-addressed store, hash-verified

286}
287
288function verifyChecksum(archivePath, expectedHash) {
289 if (expectedHash === null) return;
290
291 // Stream the file to avoid loading the entire archive into memory.
292 // Archives can be 10-100MB; streaming keeps RSS constant.
293 const hash = crypto.createHash("sha256");
294 const fd = fs.openSync(archivePath, "r");
295 try {
296 const buf = Buffer.alloc(64 * 1024);
297 let bytesRead;
298 while ((bytesRead = fs.readSync(fd, buf, 0, buf.length, null)) > 0) {
299 hash.update(buf.subarray(0, bytesRead));
300 }
301 } finally {
302 fs.closeSync(fd);
303 }
304 const actual = hash.digest("hex");
305
306 if (actual.toLowerCase() !== expectedHash.toLowerCase()) {
307 throw new Error(
308 `[SECURITY] Checksum mismatch for ${path.basename(archivePath)}: expected ${expectedHash} but got ${actual}`
309 );
310 }
311}
312
313if (require.main === module) {
314 if (!platform || !arch) {

Callers 2

installFunction · 0.85
install.test.jsFile · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected