Skip to content
Latchkey

Hash Verification - CI/CD Glossary Definition

Hash verification is recomputing an artifact's hash and comparing it to a trusted expected value to confirm integrity. A checksum proves nothing was altered; a signature also proves who produced it.

In CI

Package managers do this automatically: pip install --require-hashes and npm ci reject any dependency whose hash does not match the lockfile, blocking tampered packages.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →