Update sources/npmRegistryUtils.ts

Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>

Author: geigerzaehler

sources/npmRegistryUtils.ts

@@ -47,7 +47,7 @@ const getVerificationKeys = once(async (): Promise<Array<{ keyid: string, key: K
     // See https://github.com/npm/cli/blob/3a80a7b7d168c23b5e297cba7b47ba5b9875934d/lib/utils/verify-signatures.js#L174
     // We only support sigstore for NPM. For other registries
     // COREPACK_INTEGRITY_KEYS can be used.
-    const sigstoreTufClient = await sigstoreTuf.initTUF();
+    const sigstoreTufClient = await sigstoreTuf.initTUF({ cachePath: path.join(folderUtils.getCorepackHomeFolder(), `_tuf`) });
     const keysRaw = await sigstoreTufClient.getTarget(`registry.npmjs.org/keys.json`);
     // The format of the key file is undocumented, unfortunately. `rawBytes` is
     // the PEM content, i.e. base64 encoded SPKI DER.