From 81dd141b6d7db31c8654111e414bb7781e72281f Mon Sep 17 00:00:00 2001
From: Idris Regg <idrisregg@gmail.com>
Date: Sun, 28 Dec 2025 15:23:56 +0100
Subject: [PATCH 1/3] fixed signature validation logical error

The previous code was logic confusing having OR operator that returned check of is it invalid instead of is it valid
---
 src/utils/index.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/utils/index.ts b/src/utils/index.ts
index 42e8d44..e703958 100644
--- a/src/utils/index.ts
+++ b/src/utils/index.ts
@@ -28,11 +28,11 @@ export function verifySignature(
 
   if (
     signatureBuffer.length !== digest.length ||
-    !crypto.timingSafeEqual(digest, signatureBuffer)
   ) {
     throw new Error('The signature is invalid.');
   }
-
-  console.log('The signature is valid');
+  if(crypto.timingSafeEqual(digest, signatureBuffer){
+    throw new Error('invalid signature: content mismatch') 
+  }
   return true;
 }

From c6c93e93483d72143073beb91d168341f7b03b09 Mon Sep 17 00:00:00 2001
From: Idris Regg <idrisregg@gmail.com>
Date: Sun, 28 Dec 2025 15:25:49 +0100
Subject: [PATCH 2/3] Update index.ts

---
 src/utils/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/utils/index.ts b/src/utils/index.ts
index e703958..8cebaab 100644
--- a/src/utils/index.ts
+++ b/src/utils/index.ts
@@ -27,7 +27,7 @@ export function verifySignature(
   const signatureBuffer = Buffer.from(signature, 'utf8');
 
   if (
-    signatureBuffer.length !== digest.length ||
+    signatureBuffer.length !== digest.length
   ) {
     throw new Error('The signature is invalid.');
   }

From b63920ff9483b6edae138df1465c71e6d714c23b Mon Sep 17 00:00:00 2001
From: Idris Regg <idrisregg@gmail.com>
Date: Sun, 28 Dec 2025 15:28:07 +0100
Subject: [PATCH 3/3] Update index.ts

---
 src/utils/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/utils/index.ts b/src/utils/index.ts
index 8cebaab..de7cc4a 100644
--- a/src/utils/index.ts
+++ b/src/utils/index.ts
@@ -31,7 +31,7 @@ export function verifySignature(
   ) {
     throw new Error('The signature is invalid.');
   }
-  if(crypto.timingSafeEqual(digest, signatureBuffer){
+  if(!crypto.timingSafeEqual(digest, signatureBuffer){
     throw new Error('invalid signature: content mismatch') 
   }
   return true;