feat: add npm package provenance

Ref: https://github.blog/2023-04-19-introducing-npm-package-provenance/
This commit is contained in:
Divlo 2023-05-13 17:02:20 +02:00
parent 882416cb49
commit ef5635380c
No known key found for this signature in database
GPG Key ID: 8F9478F220CE65E9
3 changed files with 13 additions and 0 deletions

View File

@ -7,6 +7,11 @@ on:
jobs:
build:
runs-on: 'ubuntu-latest'
permissions:
contents: 'write'
issues: 'write'
pull-requests: 'write'
id-token: 'write'
steps:
- uses: 'actions/checkout@v3.5.2'
@ -22,6 +27,9 @@ jobs:
- name: 'Build Package'
run: 'npm run build'
- name: 'Verify the integrity of provenance attestations and registry signatures for installed dependencies'
run: 'npm audit signatures'
- name: 'Release'
run: 'npm run release'
env:

1
.npmrc
View File

@ -1 +1,2 @@
save-exact=true
provenance=true

View File

@ -23,6 +23,10 @@
"files": [
"dist"
],
"publishConfig": {
"access": "public",
"provenance": true
},
"scripts": {
"build": "tsup",
"test": "jest",