Version History

The @sigstore/verify package, crucial for verifying Sigstore signatures within JavaScript environments, has undergone significant evolution across its versions. Initially released as version 0.1.0 in January 2024, it marked the beginning of the package's journey to provide reliable signature verification. A major upgrade occurred with version 1.0.0 in February 2024, signaling breaking changes and a more mature API, alongside updates to its core dependencies. Subsequent minor releases, such as 1.1.0, 1.1.1, 1.2.0, and 1.2.1, focused primarily on incorporating enhancements and bug fixes. These releases incrementally updated dependencies like @sigstore/core, @sigstore/bundle, and @sigstore/protobuf-specs to maintain compatibility and leverage new features.

October 2024 saw the release of version 2.0.0, another major version update introducing breaking changes focused on the @sigstore/core and @sigstore/bundle dependencies. Versions 2.1.0 and 2.1.1 continued this trend, refining the package and ensuring compatibility with the latest components of the Sigstore ecosystem. The most recent major release, version 3.0.0 in July 2025, represents a significant step forward, depending on the 3.X versions of @sigstore/core and 4.x versions of @sigstore/bundle indicating a substantial update. Each version reflects the evolving requirements and standards within the Sigstore project, ensuring developers have access to the most secure and up-to-date verification mechanisms. The package consistently maintains its Apache-2.0 license, emphasizing its commitment to open-source principles.