fix: change repo name and fetch url

yao-pkg · Oct 3, 2023 · dba6017 · dba6017
1 parent c6fdae4
commit dba6017
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-A utility to fetch or build patched Node binaries used by [pkg](https://github.com/vercel/pkg) to generate executables. This repo hosts prebuilt binaries in [Releases](https://github.com/vercel/pkg-fetch/releases).
+A utility to fetch or build patched Node binaries used by [pkg](https://github.com/yao-pkg/pkg) to generate executables. This repo hosts prebuilt binaries in [Releases](https://github.com/yao-pkg/pkg-fetch/releases).
 
 ## Binary Compatibility
 
@@ -32,14 +32,14 @@ Like most of you, this project does not have access to advance/private disclosur
 
 This project deploys multiple defense measures to ensure that the safe binaries are delivered to users:
 
-- Binaries are compiled by [Github Actions](https://github.com/vercel/pkg-fetch/actions)
+- Binaries are compiled by [Github Actions](https://github.com/yao-pkg/pkg-fetch/actions)
   - Workflows and build logs are transparent and auditable.
   - Artifacts are the source of truth. Even repository/organization administrators can't tamper them.
-- Hashes of binaries are hardcoded in [source](https://github.com/vercel/pkg-fetch/blob/HEAD/lib/expected.ts)
+- Hashes of binaries are hardcoded in [source](https://github.com/yao-pkg/pkg-fetch/blob/HEAD/lib/expected.ts)
   - Origins of the binaries are documented.
   - Changes to the binaries are logged by VCS (Git) and are publicly visible.
   - `pkg-fetch` rejects the binary if it does not match the hardcoded hash.
-- GPG-signed hashes are available in [Releases](https://github.com/vercel/pkg-fetch/releases)
+- GPG-signed hashes are available in [Releases](https://github.com/yao-pkg/pkg-fetch/releases)
   - Easy to spot a compromise.
 - `pkg-fetch` package on npm is strictly permission-controlled
   - Only authorized Vercel employees can push new revisions to npm.

diff --git a/lib/index.ts b/lib/index.ts
@@ -23,7 +23,7 @@ async function download(
   { tag, name }: Remote,
   local: string
 ): Promise<boolean> {
-  const url = `https://github.com/vercel/pkg-fetch/releases/download/${tag}/${name}`;
+  const url = `https://github.com/yao-pkg/pkg-fetch/releases/download/${tag}/${name}`;
 
   try {
     await downloadUrl(url, local);

diff --git a/package.json b/package.json
@@ -4,7 +4,7 @@
   "description": "Compiles and stores base binaries for pkg",
   "main": "lib-es5/index.js",
   "license": "MIT",
-  "repository": "vercel/pkg-fetch",
+  "repository": "yao-pkg/pkg-fetch",
   "bin": {
     "pkg-fetch": "lib-es5/bin.js"
   },