js-ethereum-cryptography icon indicating copy to clipboard operation
js-ethereum-cryptography copied to clipboard

Published 20 hours ago verified publisher icon ethereum

Implement transparent builds

Open paulmillr opened this issue 2 years ago • 0 comments

Provenance allows to transparently build the package on github servers and provide public log.

It's already done for js-e-c dependencies. Example: https://www.npmjs.com/package/@scure/bip32, see the bottom part of the page.

To enable provenance, we need:

  • [ ] Add github CI configuration file (I can do this) such as this one
  • [ ] Generate NPM publish token on npmjs.org
  • [ ] Add the publish token as NPM_PUBLISH_TOKEN secret env variable to github repository settings

https://github.blog/2023-04-19-introducing-npm-package-provenance/

paulmillr avatar Oct 05 '23 04:10 paulmillr