JSPM

@ecoveraz/verify

0.1.0
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 11
  • Score
    100M100P100Q40768F
  • License MIT

Independent verifier for EvidenceChain Protocol v1 reports. Verifies content-integrity hashes against IPFS, Internet Archive Wayback, RFC 3161 timestamps, and public blockchain anchors. No EcoVeraZ infrastructure dependency.

Package Exports

  • @ecoveraz/verify
  • @ecoveraz/verify/src/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@ecoveraz/verify) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

@ecoveraz/verify

Independent verifier for EvidenceChain Protocol v1 reports.

Anyone can install this CLI and verify any EcoVeraZ report's cryptographic anchor chain without trusting EcoVeraZ. Designed for auditors, regulators, customers, investors, and anyone who wants to independently confirm the integrity of a sustainability disclosure report.

Install

npm install -g @ecoveraz/verify

Requires Node.js 18 or later.

Usage

evidencechain-verify <bundle-dir>
# or the shorter alias
evz-verify <bundle-dir>

<bundle-dir> must contain at minimum:

  • report.json — the canonical report payload
  • proof_anchor.json — the anchor receipts produced at report generation

Flags

--json     Machine-readable JSON output instead of human format
--help     Show usage

Exit codes

Code Meaning
0 verified — at least 2 anchor classes verified, none mismatched
1 partial — 1 anchor class verified, others unreachable
2 unverifiable — no anchors verified, none mismatched
3 tampered — at least 1 anchor returned a content-integrity mismatch
4 usage / error

Anchor classes verified

Per the EvidenceChain Protocol v1 specification:

Class Authority Status
T RFC 3161 trusted timestamp Stub — verify manually with openssl ts -verify
B Public blockchain Planned for v0.2.0
I IPFS content-address ✓ Implemented
A Internet Archive Wayback ✓ Implemented

How verification works

For each anchor class, the verifier independently fetches the anchor receipt from the authority's public infrastructure (e.g. an IPFS gateway, archive.org, etc.) and compares the receipt's content to the local bundle. EcoVeraZ infrastructure is never queried during verification — that is the point.

A report is considered verified only when at least 2 anchor classes return matching receipts. A report is considered tampered if any anchor class returns a mismatch.

Protocol

See the full EvidenceChain Protocol v1 specification at: https://github.com/ecoveraz/evidencechain-protocol

License

MIT