Commit cb8bb2b
chore(ci): Publish to NPM with provenance (#5835)
The release process in this repository is already automated via
GitHub Actions, which is a great first step toward creating trust in the
supply chain. Recently, NPM has started to support publishing with the
`--provenance` flag. This flag creates a link between the GitHub Actions
run that created the release and the final artifact on NPM. This linkage
further ensures that package installs can be traced back to a specific
code revision.
For more information on publishing with provenance, please refer to:
https://github.blog/2023-04-19-introducing-npm-package-provenance/
Co-authored-by: Jay <[email protected]>
Co-authored-by: Dmitriy Mozgovoy <[email protected]>1 parent 37cbf92 commit cb8bb2b
1 file changed
Lines changed: 5 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
11 | 11 | | |
12 | 12 | | |
13 | 13 | | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
14 | 17 | | |
15 | 18 | | |
16 | 19 | | |
| |||
22 | 25 | | |
23 | 26 | | |
24 | 27 | | |
25 | | - | |
| 28 | + | |
26 | 29 | | |
27 | 30 | | |
28 | 31 | | |
| |||
50 | 53 | | |
51 | 54 | | |
52 | 55 | | |
53 | | - | |
| 56 | + | |
54 | 57 | | |
55 | 58 | | |
56 | 59 | | |
| |||
0 commit comments