ecadlabs / taquito

A library for building dApps on the Tezos Blockchain - JavaScript / TypeScript
https://taquito.io
Apache License 2.0

Investigate npm package signing using sigstore #2081

Open jevonearth opened 1 year ago

jevonearth commented 1 year ago

Users of Taquito would like assurance that Taquito packages are secure and untampered via software supply chain attacks.

Describe the solution you'd like

Investigate the use of sigstore.dev

Particularly: https://github.com/sigstore/sigstore-js

hu3man commented 1 year ago

Is this for Taqueria or Taquito @jev?