-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Custom npm publish commands (provenance?) #3657
Comments
The npm docs on the topic explicitly call out (towards the end) that We'd also be interested in the feature though. |
I'm not entirely sure, maybe @JamesHenry can confirm, but I think this is now supported as per v6.6.2, it also look like it's going to be soon implemented into libnpmpublish as per this libnpmpublish PR |
Provenance is now fully supported when publishing with lerna as of v6.6.2 All of these methods (from https://docs.npmjs.com/generating-provenance-statements#using-third-party-package-publishing-tools) of letting lerna know about provenance are supported, so choose the one that works best for you: Here is a real example published with lerna: NOTE: Provenance is currently only supported by npm for Github Actions |
Description
Github announced provenance for publishing: https://github.blog/changelog/2023-04-19-npm-provenance-public-beta/
Is there a way to pass this through lerna publish to npm publish?
Motivation
Security/Provenance support for publishing, and the package has verifiable links back to its source code and build instructions.
Suggested Implementation
Either add this as a direct parameter, or a pattern to pass through commands to npm publish
The text was updated successfully, but these errors were encountered: