Skip to content

[BUG] Unable to generate provenance from trusted publishing workflow #8558

New issue
New issue
Open
Open
[BUG] Unable to generate provenance from trusted publishing workflow#8558
Labels
Bugthing that needs fixingNeeds Triageneeds review for next steps
@jrvidal

Description

@jrvidal
jrvidal
opened on Sep 10, 2025

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

I am publishing a package in GitLab public runners with trusted publishing. Provenance statements are not generated.

https://www.npmjs.com/package/codemirror-lang-scheme?activeTab=versions

Expected Behavior

According to the docs, provenance should be automatically added without adding the --provenance flag.

Steps To Reproduce

I've tried in several, slightly different ways, but see the pipelines logs. In particular:

The package is (AFAIK) properly configured for trusted publishing: screenshot

Environment

  • npm: 11.5.1, 11.5.2, 11.6.0
  • Node.js: 22.x, 24.x
  • OS Name: Ubuntu

Metadata

Metadata

Assignees

No one assigned

    Labels

    Bugthing that needs fixingNeeds Triageneeds review for next steps

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions