# bundler-checksum

Bundler patch for verifying local gem checksums

## Install

Add the following to your Gemfile:

```
if ENV['BUNDLER_CHECKSUM_VERIFICATION_OPT_IN'] # this verification is still experimental
  require 'bundler-checksum'
  Bundler::Checksum.patch!
end
```

## Usage

Once the gem is installed, bundler-checksum will verify gems before
installation.

If a new or updated gem is to be installed, the remote checksum of that gem is stored in `Gemfile.checksum`.
Checksum entries for other versions of the gem are removed from `Gemfile.checksum`.

If a version of a gem is to be installed that is already present in `Gemfile.checksum`, the remote and local
checksums are compared and an error is prompted if they do not match.

Gem checksums for all platforms are stored in `Gemfile.checksum`.
When `bundler-checksum` runs it will only verify the checksum for the platform that `bundle` wants to download.


## Development