feat: git cloning should verify the cryptograhic hash

### Feature Description

The cloning operation [here](https://github.com/withcatai/node-llama-cpp/blob/master/src/bindings/utils/cloneLlamaCppRepo.ts#L104) just clones the latest revision.

Git is not a secure protocol and resulting download can be easily substituted by a malicious party who might control network connections.

Such git clone should be always for a particular repository tag or revision, and should always verify the cryptographic hash of the downloaded content.

In fact there is no need for clone. You can just download a desired tarball.

### The Solution

Verify cryptographic hash.

### Considered Alternatives

Alternatives are not secure.

### Additional Context

_No response_

### Related Features to This Feature Request

- [ ] Metal support
- [ ] CUDA support
- [ ] Vulkan support
- [ ] Grammar
- [ ] Function calling

### Are you willing to resolve this issue by submitting a Pull Request?

Yes, I have the time, and I know how to start.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: git cloning should verify the cryptograhic hash #587

Feature Description

The Solution

Considered Alternatives

Additional Context

Related Features to This Feature Request

Are you willing to resolve this issue by submitting a Pull Request?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

feat: git cloning should verify the cryptograhic hash #587

Description

Feature Description

The Solution

Considered Alternatives

Additional Context

Related Features to This Feature Request

Are you willing to resolve this issue by submitting a Pull Request?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions