Custom npm publish commands (provenance?) #3657
Comments
|
The npm docs on the topic explicitly call out (towards the end) that We'd also be interested in the feature though. |
|
I'm not entirely sure, maybe @JamesHenry can confirm, but I think this is now supported as per v6.6.2, it also look like it's going to be soon implemented into libnpmpublish as per this libnpmpublish PR |
|
Provenance is now fully supported when publishing with lerna as of v6.6.2 All of these methods (from https://docs.npmjs.com/generating-provenance-statements#using-third-party-package-publishing-tools) of letting lerna know about provenance are supported, so choose the one that works best for you:
Here is a real example published with lerna:
NOTE: Provenance is currently only supported by npm for Github Actions |
and others
Description
Github announced provenance for publishing: https://github.blog/changelog/2023-04-19-npm-provenance-public-beta/
Is there a way to pass this through lerna publish to npm publish?
Motivation
Security/Provenance support for publishing, and the package has verifiable links back to its source code and build instructions.
Suggested Implementation
Either add this as a direct parameter, or a pattern to pass through commands to npm publish
The text was updated successfully, but these errors were encountered: