does node-pre-gyp (used by sqlite3 to download precompiled binaries) do hash verification?

if i were the nsa/cia and wanted to backdoor infrastructure, i'd have a thing built into s3 (cia is a large aws customer, mind you) that allows me to selectively serve backdoored binaries into node process space via the mapbox-node-binary bucket.