I need to know if i can trust them or are all Modules from https://www.powershellgallery.com/ published by microsoft ?
I saw powershellget(module) on https://learn.microsoft.com/de-de/powershell/module/powershellget/?view=powershellget-3.x but also on psgallary but everyone can publish there. But i need to know for work , if we install other modules .
I know if u install a module u get a prompt with this information (if untrusted) , but why can i just read it in the web or a hash key for verification ?
Thanks for help.
I am german , sry for my english <3
The only thing necessary to publish code to PS Gallery is an Azure Account. And that in it self doesn't guarantee the id of the publisher.
What you are looking for is signed code, which isn't a requirement for uploading code to PS Gallery.
The signature of the code will be inspected automatically by PowerShell before execution.
After you've installed a module or a script from PS Gallery, you can verify that the signature is valid by hand (if one is present) using
Get-AuthenticodeSignature -FilePath "C:\Test\NewScript.ps1"
Ref: