# Install minisign with npm

JavaScript implementation of Frank Denis' (@jedisct1) minisign tool. Version 2.2.0 via npm; verified 2022-12-12.

## Install

```sh
sudo av install npm:minisign
```

Additional install commands:

### Portable and language managers

- npm (100%):

```sh
npm install -g minisign
```

  Evidence: local npm package metadata

## Package facts

- **Package key:** npm:minisign
- **Package manager:** npm
- **Package manager page:** <https://www.npmjs.com/package/minisign>
- **Version:** 2.2.0
- **Source summary:** JavaScript implementation of Frank Denis' (@jedisct1) minisign tool.
- **Homepage:** <https://github.com/chm-diederichs/minisign#readme>
- **Repository:** <https://github.com/chm-diederichs/minisign>
- **Upstream docs:** <https://github.com/chm-diederichs/minisign#readme>
- **License:** ISC
- **Source archive:** <https://registry.npmjs.org/minisign/-/minisign-2.2.0.tgz>
- **Issue tracker:** <https://github.com/chm-diederichs/minisign/issues>
- **Published:** 2022-12-12T13:20:04.363Z
- **Last updated:** 2022-12-12T13:20:04.363Z
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- minisign (cli)

## Dependencies

- buffer-xor
- minimist
- sodium-native

## Build dependencies

- buffer-reverse
- standard
- tape

## Install behavior

- Post-install hook: not defined
- Bottle: not available

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 2.2.0
- Package-manager updated: 2022-12-12
- Local data: ok
- Upstream repository: https://github.com/chm-diederichs/minisign
- warning: The package-manager record has not been updated in over a year.
- info: No cached GitHub release or tag data was available.

## Security Notes

No matching local secret-handling manifest was found for minisign. Nucleus package metadata is still published here so future coverage has a stable package URL.


## Source Database Details

- **Source Database:** npm registry
- **Dist Tags:** Latest: 2.2.0
- **Version Count:** 7
- **Maintainers:** mafintosh, emilbay, chm-diederichs
- **Author:** Christophe Diederichs
- **Publisher:** chm-diederichs
- **Integrity:** sha512-7eJv/gA95fjpMQWXL4ONofoDa5bf/c6UQ0xfDm1lEzliKAbAC5OSEl9duu/jJD/8I3Iz3DYiQg3tvoUuDqMORg==
- **Shasum:** c0be609c879ce00826909e2d22c4e2284927f347
- **Unpacked Size:** 1,118,789
- **File Count:** 0
- **Created At:** 2019-04-30T08:50:59.678Z
- **Latest Published At:** 2022-12-12T13:20:04.363Z
- **Modified At:** 2022-12-12T13:20:04.450Z

## Other Package-Manager Records

- Debian apt - minisign - 0.12-1: normalized package name match | Debian stable package indexes: minisign from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Dead simple tool to sign files and verify signatures | https://jedisct1.github.io/minisign/
- Nix - minisign: normalized package name match | nixpkgs package indexes: pkgs/by-name/mi/minisign/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - minisign - 0.11-1: normalized package name match | Ubuntu 24.04 LTS package indexes: minisign from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Dead simple tool to sign files and verify signatures | https://jedisct1.github.io/minisign/
- apk - minisign - 0.12-r2: normalized package name match | Alpine Linux edge package indexes: minisign from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Simple tool to sign files and verify signatures | https://jedisct1.github.io/minisign/
- apk - minisign-doc - 0.12-r2: normalized package name match | Alpine Linux edge package indexes: minisign-doc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Simple tool to sign files and verify signatures (documentation) | https://jedisct1.github.io/minisign/
- dnf - minisign - 0.12-3.fc44: normalized package name match | Fedora Rawhide package metadata: minisign from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | A dead simple tool to sign files and verify digital signatures | https://github.com/jedisct1/minisign
- pacman - minisign - 0.12-2: normalized package name match | Arch Linux sync databases: minisign from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | A dead-simple tool to sign files and verify digital signatures | https://github.com/jedisct1/minisign
- zypper - minisign - 0.12-2.3: normalized package name match | openSUSE Tumbleweed package metadata: minisign from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | A dead simple tool to sign files and verify signatures | https://jedisct1.github.io/minisign/
- MacPorts - minisign: normalized package name match | MacPorts ports tree: security/minisign/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Scoop - main/minisign: normalized package name match | Scoop official bucket manifest trees: bucket/minisign.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
- winget - jedisct1.minisign: normalized package name match | Windows Package Manager source index: jedisct1.minisign from https://cdn.winget.microsoft.com/cache/source.msix


## Related links

- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched curated package taxonomy and local package facts.
- [minisign](https://www.automicvault.com/pkg/brew/minisign/) - Same normalized package name appears in another local ecosystem. Shared terms: cli, cryptography, minisign, security, signatures.
- [minizign](https://www.automicvault.com/pkg/brew/minizign/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, cryptography, minisign, security, signatures.
- [blocking-proxy](https://www.automicvault.com/pkg/npm/blocking-proxy/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, cryptography, minimist, security.
- [minisign](https://www.automicvault.com/pkg/brew/minisign/) - Same normalized package name exists in another local package ecosystem.

## Sources

- Nucleus package database
- package-page enrichment
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
