After Dark utilizes the NPM CLI to produce a unique cryptographic hash each release, enabling any copy to be uniquely identified regardless of its source.
Release hashes use the SHA-512 algorithm and look like this:
Each release a new hash is generated in the following locations:
- Embedded using PGP in the
- Codified into the latest or version-specific NPM package metadata.
- Embedded inside the After Dark Online Help documentation.
Upon receiving your copy of After Dark you may use the release hash to verify you are using an unadulterated version of the software.
Run the Release Validator to quickly check your release offline:
For a more thorough inspection do the following:
- Install the npm cli on your machine.
- Navigate to
themes/after-darkfrom within your site.
npm i && npm run integrityto generate your SHA-512 hash.
- Compare your hash to the hash generated during a signed release.
- If equal, verify the GPG signature used to sign that release.
If inspection fails run the Upgrade Script and try again.