feat: add npm package provenance

Ref: https://github.blog/2023-04-19-introducing-npm-package-provenance/
2024-07-04 02:30:11 +02:00 · 2023-05-13 19:34:01 +02:00 · 2023-05-13 19:34:01 +02:00 · 26bbc075cf
commit 26bbc075cf
parent 41d9424940
4 changed files with 65 additions and 3 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -7,6 +7,11 @@ on:
 jobs:
  release:
    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: 'write'
+      issues: 'write'
+      pull-requests: 'write'
+      id-token: 'write'
    steps:
      - uses: 'actions/checkout@v3.5.2'

@ -24,6 +29,9 @@ jobs:

      - run: 'npm run build:typescript'

+      - name: 'Verify the integrity of provenance attestations and registry signatures for installed dependencies'
+        run: 'npm audit signatures'
+
      - name: 'Release'
        run: 'npm run release'
        env:
--- a/.npmrc
+++ b/.npmrc
@ -1 +1,2 @@
 save-exact=true
+provenance=true
--- a/package-lock.json
+++ b/package-lock.json
@ -48,7 +48,8 @@
        "typescript": "5.0.4"
      },
      "engines": {
-        "node": ">=16.0.0"
+        "node": ">=16.0.0",
+        "npm": ">=9.0.0"
      },
      "peerDependencies": {
        "socket.io": ">=3.0.0"
@ -15375,6 +15376,56 @@
        "wrap-ansi": "^7.0.0"
      }
    },
+    "node_modules/tap/node_modules/cliui/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dev": true,
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/tap/node_modules/cliui/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dev": true,
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/tap/node_modules/cliui/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "dev": true
+    },
+    "node_modules/tap/node_modules/cliui/node_modules/wrap-ansi": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "dev": true,
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
    "node_modules/tap/node_modules/code-excerpt": {
      "version": "3.0.0",
      "dev": true,
--- a/package.json
+++ b/package.json
@ -11,10 +11,12 @@
    "build"
  ],
  "engines": {
-    "node": ">=16.0.0"
+    "node": ">=16.0.0",
+    "npm": ">=9.0.0"
  },
  "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
  },
  "keywords": [
    "socket",