update readme

Author: baileympearson

README.md

@@ -10,6 +10,35 @@ Zstandard compression library for Node.js
 npm install @mongodb-js/zstd
 ```
 
+### Release Integrity
+
+Releases are created automatically and signed using the [Node team's GPG key](https://pgp.mongodb.com/node-driver.asc). This applies to the git tag as well as all release packages provided as part of a GitHub release. To verify the provided packages, download the key and import it using gpg:
+
+```
+gpg --import node-driver.asc
+```
+
+The GitHub release contains a detached signature file for the NPM package (named
+`mongodb-js-zstd-X.Y.Z.tgz.sig`).
+
+The following command returns the link npm package. 
+```shell
+npm view @mongodb-js/zstd@vX.Y.Z dist.tarball 
+```
+
+Using the result of the above command, a `curl` command can return the official npm package for the release.
+
+To verify the integrity of the downloaded package, run the following command:
+```shell
+gpg --verify mongodb-js-zstd-X.Y.Z.tgz.sig mongodb-js-zstd-X.Y.Z.tgz
+```
+
+>[!Note]
+No verification is done when using npm to install the package. The contents of the Github tarball and npm's tarball are identical.
+
+To verify the native `.node` packages, follow the same steps as above using `mongodb-js-zstd-X.Y.Z-platform.tgz` and the corresponding `.sig` file.
+
+
 ## OS Support matrix
 
 |                  | node12 | node14 | node16 | node18 | node20 |
@@ -72,6 +101,11 @@ import { compress, decompress } from '@mongodb-js/zstd';
 
 ## Running Tests
 
+First, install and build the zstd library:
+
+`npm run install-zstd`
+
+Then:
 `npm test`
 
 ## Releasing