You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 9, 2023. It is now read-only.
I really don't think it's a good idea to recommend or link to it yet. Publishing from CI is very unsafe unless using actual two-factor (an automation token is one-factor), and it remains unclear to me what the value of provenance even is, since I'm not aware of any actual incidents it would have prevented.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
npm recently introduces the Generating provenance statements. I think it will be a good idea to include a reference in the release section
Should I create a PR for that?
cc: @lirantal @ljharb
The text was updated successfully, but these errors were encountered: