tslib
Enable supply chain security through npm provenance attestation
- Configure GitHub Actions workflow for secure publishing
- Enable automatic provenance generation during npm publish
- Add integrity verification through Sigstore transparency logs
Following the recent Lottie-Player supply chain attack, it's crucial to enhance package security. NPM provenance provides cryptographic proof that this package was built from this repository using GitHub Actions, making supply chain attacks significantly harder. More info in my blog post https://medium.com/exaforce/npm-provenance-the-missing-security-layer-in-popular-javascript-libraries-b50107927008
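As an added illustration of the three bullet points above (added here as an example; it is not the workflow from this pull request or from the tslib repository), this is the shape of a GitHub Actions publish workflow that emits npm provenance. The `id-token: write` permission is what lets the job obtain the OIDC token that Sigstore signs, and `npm publish --provenance` (npm CLI 9.5 or newer) is what records the build in the transparency log. The workflow file name, the trigger, and the `NPM_TOKEN` secret name are assumptions chosen for the example.

```yaml
# .github/workflows/publish.yml  (example name; assumed, not from the PR)
name: Publish with provenance

on:
  release:
    types: [published]   # assumed trigger; any trusted event works

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read     # least privilege: the job only needs to read the source
      id-token: write    # required so npm can request the OIDC token that Sigstore signs
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20
          # registry-url makes setup-node write an .npmrc that reads NODE_AUTH_TOKEN
          registry-url: https://registry.npmjs.org

      - run: npm ci
      - run: npm test

      # --provenance attaches a Sigstore attestation linking the published tarball
      # to this repository, commit and workflow run, and logs it in Rekor.
      - run: npm publish --provenance --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}   # secret name is assumed
```

Two practical checks: the `repository.url` field in `package.json` must match the GitHub repository the workflow runs in, otherwise the publish step refuses to generate provenance; and consumers can verify the result with `npm audit signatures`, which checks both the registry signatures and the provenance attestations of the installed packages and fails for packages whose attestation does not verify.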
any update? does anyone care?