Tools

Tools: sha256sum, shasum, Get-FileHash — and still no good way to compare hashes (2026)

2026-03-24 0 views admin
Tools: sha256sum, shasum, Get-FileHash — and still no good way to compare hashes (2026)

What it does

The algorithm situation

Partial hashes

For scripting

Should you use it over the native tools? I download a file. The website has a SHA-256 hash next to it. I want to verify it. So I run sha256sum, get a wall of hex, paste the expected hash next to it, and squint at two 64-character strings trying to spot any difference. For a quick one-off verification, the native tools are clunky. On Linux it's sha256sum, on macOS it's shasum -a 256, on Windows it's Get-FileHash. Different syntax, same manual effort. (Yes, sha256sum -c exists. But it expects a properly formatted checksum file — not a hash you just copied off a download page.) So I ended up building a small CLI for this: verify-integrity. Instead of just outputting a string or failing quietly, it shows you a character-by-character diff so you can see exactly where they diverge: Matching characters are dimmed, mismatching ones are bold. Useful when you're trying to figure out if you fat-fingered something or if the file is genuinely corrupted. Or, skip saving the file entirely and pipe straight from curl: Pass - as the file path and it reads from stdin. Standard Unix convention, works naturally in pipelines. SHA-256 is the default since that's what most things use these days, but you can switch: MD5 and SHA-1 are supported too for legacy stuff, though the README is upfront about the fact that MD5 is broken and SHA-1 is weak. I didn't want to pretend otherwise. Occasionally you'll see a shortened hash prefix in release notes or some internal tool, not the full hash. The --partial flag handles that: It checks whether the generated hash starts with your prefix. There's a warning built in if your prefix is under 8 characters — short enough that false positives become a real concern. --quiet kills all output and communicates purely through exit codes. 0 for a match, 1 for a mismatch. Drop it into any script or CI pipeline without worrying about parsing output. If the native tools are already muscle memory for you, honestly just keep using them. But if you switch between machines, script things cross-platform, or just want a clear pass/fail without the manual comparison — give it a shot. The npx invocation means you don't even have to commit to installing it. It's fully open-source. Feel free to audit the code, fork it, or open an issue over on GitHub. Would love to hear what you think. Templates let you quickly answer FAQs or store snippets for re-use. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse

Command

Copy

$ npx verify-integrity ./myfile.zip 3a4c9877b483ab46d7c3fbe165a0db275e1ae3cfe56a5657e5a47c2f99a99d1e ✖ Hashes did not match! Integrity verification failed. Expected: 3a4c9877b483ab46d7c3fbe165a0db275e1ae3cfe56a5657e5a47c2f99a99d1e Generated: 3a4c9877b483ab46d7c3fbe165a0db275e1ae3cfe56a5657e5a47c2f99a99dab $ npx verify-integrity ./myfile.zip 3a4c9877b483ab46d7c3fbe165a0db275e1ae3cfe56a5657e5a47c2f99a99d1e ✖ Hashes did not match! Integrity verification failed. Expected: 3a4c9877b483ab46d7c3fbe165a0db275e1ae3cfe56a5657e5a47c2f99a99d1e Generated: 3a4c9877b483ab46d7c3fbe165a0db275e1ae3cfe56a5657e5a47c2f99a99dab $ npx verify-integrity ./myfile.zip 3a4c9877b483ab46d7c3fbe165a0db275e1ae3cfe56a5657e5a47c2f99a99d1e ✖ Hashes did not match! Integrity verification failed. Expected: 3a4c9877b483ab46d7c3fbe165a0db275e1ae3cfe56a5657e5a47c2f99a99d1e Generated: 3a4c9877b483ab46d7c3fbe165a0db275e1ae3cfe56a5657e5a47c2f99a99dab ✔ Hashes matched! Integrity verified. Generated hash: 3a4c9877b483ab46d7c3fbe165a0db275e1ae3cfe56a5657e5a47c2f99a99d1e ✔ Hashes matched! Integrity verified. Generated hash: 3a4c9877b483ab46d7c3fbe165a0db275e1ae3cfe56a5657e5a47c2f99a99d1e ✔ Hashes matched! Integrity verified. Generated hash: 3a4c9877b483ab46d7c3fbe165a0db275e1ae3cfe56a5657e5a47c2f99a99d1e -weight: 500;">curl -sL https://example.com/file.zip | verify-integrity - 3a4c9877b483ab46... -weight: 500;">curl -sL https://example.com/file.zip | verify-integrity - 3a4c9877b483ab46... -weight: 500;">curl -sL https://example.com/file.zip | verify-integrity - 3a4c9877b483ab46... verify-integrity -a sha512 ./file.tar.gz 9b71d224bd62f378... verify-integrity -a sha512 ./file.tar.gz 9b71d224bd62f378... verify-integrity -a sha512 ./file.tar.gz 9b71d224bd62f378... verify-integrity -p ./myfile.zip abcd1234 verify-integrity -p ./myfile.zip abcd1234 verify-integrity -p ./myfile.zip abcd1234 verify-integrity -q ./release.tar.gz 3a4c9877b483ab46... && deploy.sh verify-integrity -q ./release.tar.gz 3a4c9877b483ab46... && deploy.sh verify-integrity -q ./release.tar.gz 3a4c9877b483ab46... && deploy.sh npx verify-integrity <file> <expected_hash> npx verify-integrity <file> <expected_hash> npx verify-integrity <file> <expected_hash>

🏷️ Tags

toolsutilitiessecurity toolssha256sumshasumfilehashstillcomparehashes

More from Tools

Tools: Gas-Aware Trading: Execute Only When Gas Is Cheap (2026)

Tools: Gas-Aware Trading: Execute Only When Gas Is Cheap (2026)

2026-03-30 0
Tools: Grafana k6 Has a Free API That Load Tests Your APIs With JavaScript - Full Analysis

Tools: Grafana k6 Has a Free API That Load Tests Your APIs With JavaScript - Full Analysis

2026-03-30 0
Tools: Caddy Has a Free API That Gives You Automatic HTTPS With Zero Configuration (2026)

Tools: Caddy Has a Free API That Gives You Automatic HTTPS With Zero Configuration (2026)

2026-03-30 0
Tools: Fly.io Has a Free API That Deploys Docker Apps Globally With Edge Hosting (2026)

Tools: Fly.io Has a Free API That Deploys Docker Apps Globally With Edge Hosting (2026)

2026-03-30 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views