feat: Optional strict verification

Changed the default of failing on unsigned packages, as most packages won't be signed anyway. Users can opt-in to a stricter check if they expect the package to be signed.
47ng · Dec 13, 2022 · 7aeb7f4 · 7aeb7f4
1 parent 120ebc7
commit 7aeb7f4
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/src/cli/args.ts b/src/cli/args.ts
@@ -34,6 +34,7 @@ const verifyCommandSchema = z.object({
   packageDir: z.string().optional(),
   publicKey: hexStringSchema(32).optional(),
   file: z.string().optional().default(SCEAU_FILE_NAME),
+  strict: z.boolean().optional().default(false),
 })
 
 export type VerifyCommandArgs = z.infer<typeof verifyCommandSchema>
@@ -92,6 +93,7 @@ ${chalk.green('##')} ${chalk.bold('sceau verify')}
       --packageDir [path]     Path to the package to process (default: \`cwd\`)
       --file [path]           Path to the sceau file (default: \`sceau.json\`)
       --publicKey [key]       env: SCEAU_PUBLIC_KEY  Signature public key to use for verification (defaults to using the embedded one)
+      --strict                Fail if package is not signed
   `)
     process.exit(1)
   }

diff --git a/src/cli/commands/verify.ts b/src/cli/commands/verify.ts
@@ -12,7 +12,12 @@ export async function verifyCommand(args: VerifyCommandArgs) {
     const sceauFilePath = path.resolve(packageDir, args.file)
     await fs.stat(sceauFilePath).catch(error => {
       if (error.code === 'ENOENT') {
-        throw new Error('This package is not signed')
+        const message = 'This package is not signed'
+        if (args.strict) {
+          throw new Error(chalk.red(message))
+        }
+        console.info(message)
+        process.exit(0)
       }
       throw error
     })