The Microsoft Winget client verified works by using a combination of digital signatures and hash values to verify the authenticity of packages. When a user installs a package using Winget, the client checks the package's digital signature and hash value against a list of known good values. If the package passes the verification process, it is installed on the device. If the package fails verification, it is not installed, and the user is notified.
winget --verify
This will display the version of the Winget client installed on your device. To verify that the client is working correctly, you can use the following command: microsoft winget client verified