A shasum.txt file is created as a part of every automated release. Github will checkout the source code, build the mods and then generate sha256 checksums for each artifact. You can verify the files you download match by generating the checksums on your machine.

Linux

1. Download both the schedule-one-mods_[version].zip and shasum.txt files
2. Run shasum -c shasum.txt

Windows

1. Download both the schedule-one-mods_[version].zip and shasum.txt files
2. Run certutil -hashfile C:\path\to\zipfile SHA256 in Windows Terminal/Powershell/CMD (see external article for detailed instructions including screenshots)
3. Compare the output of the previous command to the contents of shasum.txt

You can verify the attached artifact is the same as the one generated by Github by viewing the job output of the release action and comparing the hashes. Look for the section named Create Checksums. Do note that Github automatically deletes job output after 90 days.