ChainSafe / lodestar

🌟 TypeScript Implementation of Ethereum Consensus
https://lodestar.chainsafe.io
Apache License 2.0

Publish the npm provenance data #5423

Open nazarhussain opened 1 year ago

nazarhussain commented 1 year ago

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

GitHub recently allowed a new feature to publish the npm package provenance data linked to the npm publish page. See the link in the additional context.

Describe alternatives you've considered

There is no automated alternative for now.

Additional context

https://github.blog/2023-04-19-introducing-npm-package-provenance/

philknows commented 1 year ago

Is this a sufficient alternative to closing #3596? Also related to our discussion about managing dependencies #3470.

wemeetagain commented 1 year ago

> Is this a sufficient alternative to closing https://github.com/ChainSafe/lodestar/issues/3596

No, #3596 is about mitigating supply-chain attacks on our dependencies. This is just helpful for lodestar library users, so they can better trust the validity of our libraries (e.g. @lodestar/config).