@ajay welcome to the forum.
The downloads are code-signed using Joplin's certificates so any modifications would show as a code-signing failure.
Of course this does not apply to Linux AppImages so the devs provide a SHA512 hash for the AppImage so the download integrity can be confirmed.
