Skip to content

Commit

Permalink
feat: add npm package provenance
Browse files Browse the repository at this point in the history 
Ref: https://github.blog/2023-04-19-introducing-npm-package-provenance/
  • Loading branch information
@theoludwig
theoludwig committed May 13, 2023
1 parent 41d9424 commit 4dba3ad
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 3 deletions.
8 changes: 8 additions & 0 deletions .github/workflows/release.yml
View file
Expand Up @@ -7,6 +7,11 @@ on:
jobs:
release:
runs-on: 'ubuntu-latest'
permissions:
contents: 'write'
issues: 'write'
pull-requests: 'write'
id-token: 'write'
steps:
- uses: 'actions/checkout@v3.5.2'

Expand All @@ -24,6 +29,9 @@ jobs:

- run: 'npm run build:typescript'

- name: 'Verify the integrity of provenance attestations and registry signatures for installed dependencies'
run: 'npm audit signatures'

- name: 'Release'
run: 'npm run release'
env:
Expand Down
1 change: 1 addition & 0 deletions .npmrc
View file
@@ -1 +1,2 @@
save-exact=true
provenance=true
3 changes: 2 additions & 1 deletion package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 4 additions & 2 deletions package.json
View file
Expand Up @@ -11,10 +11,12 @@
"build"
],
"engines": {
"node": ">=16.0.0"
"node": ">=16.0.0",
"npm": ">=9.0.0"
},
"publishConfig": {
"access": "public"
"access": "public",
"provenance": true
},
"keywords": [
"socket",
Expand Down

0 comments on commit 4dba3ad

Please sign in to comment.