diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e782cf0..2e0ce3a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,6 +7,11 @@ on: jobs: release: runs-on: 'ubuntu-latest' + permissions: + contents: 'write' + issues: 'write' + pull-requests: 'write' + id-token: 'write' steps: - uses: 'actions/checkout@v3.5.2' @@ -24,6 +29,9 @@ jobs: - run: 'npm run build:typescript' + - name: 'Verify the integrity of provenance attestations and registry signatures for installed dependencies' + run: 'npm audit signatures' + - name: 'Release' run: 'npm run release' env: diff --git a/.npmrc b/.npmrc index cffe8cd..3da3cf4 100644 --- a/.npmrc +++ b/.npmrc @@ -1 +1,2 @@ save-exact=true +provenance=true diff --git a/package-lock.json b/package-lock.json index 46eba2a..430339c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -48,7 +48,8 @@ "typescript": "5.0.4" }, "engines": { - "node": ">=16.0.0" + "node": ">=16.0.0", + "npm": ">=9.0.0" }, "peerDependencies": { "socket.io": ">=3.0.0" @@ -15375,6 +15376,56 @@ "wrap-ansi": "^7.0.0" } }, + "node_modules/tap/node_modules/cliui/node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/tap/node_modules/cliui/node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/tap/node_modules/cliui/node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, + "node_modules/tap/node_modules/cliui/node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, "node_modules/tap/node_modules/code-excerpt": { "version": "3.0.0", "dev": true, diff --git a/package.json b/package.json index 8ea21bc..98a8273 100644 --- a/package.json +++ b/package.json @@ -11,10 +11,12 @@ "build" ], "engines": { - "node": ">=16.0.0" + "node": ">=16.0.0", + "npm": ">=9.0.0" }, "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "keywords": [ "socket",