Generate provenance statements #12725
diego-betto
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I'm using @lirantal
npqsecurity tool and I've noticed that the provenance statement is not available for this package.Provenance is an interesting feature which can increase supply-chain security for your packages.
"This allows you to publicly establish where a package was built and who published a package"
Ref and guide: https://docs.npmjs.com/generating-provenance-statements
I think can be usefull in today's security scenarios.
Beta Was this translation helpful? Give feedback.
All reactions