@sigstore/tuf ·   
A JavaScript library for securely retrieving targets from the Sigstore [TUF][1] repository.
Features
- Embeds the trutsted root metadata file necessary to bootstrap interaction with the Sigstore TUF repository. - Automatically initializes the local TUF cache for storing metadata and target files.
`javascript import { initTUF } from '@sigstore/tuf'; `
$3
Returns a TUF client which can be used to retrieve any target from the Sigstore TUF repository. The local TUF cache will be initialized and the TUF metadata files downloaded from the [remote repository][2] as part of the initialization process.
- options
The TUF client object returned from initTUF has a single getTarget function which takes the name of a target in the Sigstore TUF repository and returns the content of that target.
$3
Retrieves the most recent version of the "trusted_root.json" target from the Sigstore TUF repository. The format of "trusted_root.json" file is described by the [TrustedRoot][3] protobuf and contains the complete set of trusted verification materials for the Sigstore public-good instance.