verify · phase 1

verify rusty_pipes_building_supply_chain_malware_for_npm

Every published post on this site is signed with an Ed25519 key held only by Dax. Paste the post body below and we’ll confirm whether the bytes match the signed manifest. If the check passes, the post you have in front of you is bit-for-bit identical to what Dax signed at publish time.

← back to post 94 posts on record

On-record signature

Slug: rusty_pipes_building_supply_chain_malware_for_npm
Title: Rust in Peace: How to Hijack Node.js with a Single Require
Pub date: 2024-06-04T15:00:00.000Z
SHA-256: 5451ae05e9eb56e4a7f0dcc86c98ff7a436c7786174a69239d2746f7cbafb843
Signature (base64): eLOmls6vzrJAeFnKa+rbHtCuuMk/TtQVTPFl85JKPjKAyC//6EsMlsgusdcEKIrOKMg9MTReeVCwzcxhCbQ5DQ==
Signed at: 2026-05-07T03:35:44.729Z
Algorithm: ed25519 over SHA-256 of (title ∥ pubDate ∥ body)
Public key: /api/verify-signature

show public key (PEM)

-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAPqGVCDAOVtOp33ma/CpzMe9JzhqxrXIwzcTs5TquRFg=
-----END PUBLIC KEY-----

Verify your copy

Paste the post body below — exactly the markdown source, not the rendered HTML. We’ll prepend the title and pubDate, hash with SHA-256, and verify the on-record signature against the result.

Awaiting input…