Skip to content

v0.5.2 — npm provenance + Astro catalog auto-discovery

Choose a tag to compare

View all tags
@aagarwal1012 aagarwal1012 released this 12 May 11:50
· 81 commits to main since this release
v0.5.2
a16b370
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights

Supply-chain hardening — every `@dualmark/*` tarball is now signed with npm provenance attestation. Each package on npmjs.com gets a verified "Provenance" badge tying the artifact to this exact GitHub Actions workflow run and commit SHA. Consumers can verify with:

```bash
npm audit signatures
```

No API changes inside any package — this is a release-pipeline upgrade.

Changes

`@dualmark/astro` 0.5.2

  • ✨ Added `seo`, `performance`, `optimization` keywords to enable auto-discovery by the Astro Integrations catalog. `@dualmark/astro` will appear under "Performance + SEO" on the next weekly catalog sync (no runtime change).

All `@dualmark/*` packages 0.5.2

  • 🔐 Release pipeline switched from `bun publish` to `bun pm pack` + `npm publish --provenance` (because bun 1.3.5 doesn't yet support `--provenance` — see oven-sh/bun#15601).
  • 📝 `CONTRIBUTING.md` updated with the new release flow + how to verify provenance.

Full changelogs

Assets 2
Loading