Appearance
vix verify
Verify a Vix package against the vix.manifest.v2 schema.
Usage
bash
vix verify [options]
vix verify --path <folder|artifact.vixpkg>Description
vix verify validates:
- Manifest structure (v2 schema)
- Package integrity
- Optional checksums (
checksums.sha256) - Optional minisign signatures
By default, it auto-detects the package when run inside a project.
Auto-detection Rules
When no --path is provided:
If current directory contains
manifest.json→ verify current directoryIf current directory contains
CMakeLists.txt→ verify latestdist/*/manifest.jsonIf
./distexists → verify latestdist/*/manifest.json
Options
bash
-p, --path <path> Package folder or .vixpkg artifact
--pubkey <path> minisign public key
--verbose Detailed verification output
--strict Fail on missing optional security metadata
--require-signature Require valid signature
--no-sig Skip signature verification
--no-hash Skip checksums verification
-h, --help Show helpSignature Behavior
- If
meta/payload.digest.minisigis missing:- Warning by default
- Error with
--require-signatureor--strict
Public key resolution order:
--pubkeyVIX_MINISIGN_PUBKEY- Default key locations
Exit Codes
0 Verification OK
1 Verification failedExamples
Verify auto-detected package:
bash
vix verifyVerbose mode:
bash
vix verify --verboseVerify specific folder:
bash
vix verify --path ./dist/blog@1.0.0Require signature:
bash
vix verify --require-signatureVerify archive:
bash
vix verify --path ./dist/blog@1.0.0.vixpkgProvide public key:
bash
vix verify --pubkey ./keys/vix-pack.pub --require-signatureUsing environment variable:
bash
VIX_MINISIGN_PUBKEY=./keys/vix-pack.pub vix verify --strictTypical Workflow
bash
vix pack --version 1.0.0
vix verify --require-signaturevix verify ensures package integrity and reproducible distribution.