gajus / eslint-plugin-jsdoc

JSDoc specific linting rules for ESLint.

Enable Publish Attestation (Provenance) #1299

Closed elliot-huffman closed 2 months ago

elliot-huffman commented 3 months ago

Enable provenance on the NPM publish command so that attestation data is available in the NPM public registry to reduce the risk of a supply chain attack.

This is a non-breaking change and provides additional metadata for systems that know how to consume this additional package metadata. Non-supported systems ignore this.

NPM Publish Command Docs (on provenance): https://docs.npmjs.com/generating-provenance-statements

Semantic Release support statement: https://github.com/semantic-release/npm?tab=readme-ov-file#npm-provenance
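A release workflow with provenance enabled could look like the following. This is an added example, not this repository's actual workflow: the workflow name, branch, Node version, action versions and secret names are assumptions. It assumes publishing happens from GitHub Actions through semantic-release, as the linked support statement describes.

```yaml
# Added example: hypothetical release workflow. Names, branch, versions and
# secrets are assumptions, not taken from this repository.
name: release
on:
  push:
    branches: [main]

# Default every job to read-only; grant extra scopes only where needed.
permissions:
  contents: read

jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write        # semantic-release pushes tags and creates releases
      issues: write          # "resolved in version X" comments on issues
      pull-requests: write
      id-token: write        # required: OIDC token that npm uses to sign the provenance statement
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0     # semantic-release needs full history and tags
      - uses: actions/setup-node@v4
        with:
          node-version: 20   # ships an npm new enough for provenance (npm >= 9.5.0)
      - run: npm ci
      - run: npx semantic-release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          # Equivalent to `npm publish --provenance`; without id-token: write
          # above, the publish step fails instead of silently skipping attestation.
          NPM_CONFIG_PROVENANCE: "true"
```

Consumers can check the resulting attestations for their installed dependencies with `npm audit signatures`.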

brettz9 commented 3 months ago

@gajus : Do you want to take a look?

gajus commented 3 months ago

This looks well intended. Not familiar with the configuration, but support it.

github-actions[bot] commented 2 months ago

:tada: This issue has been resolved in version 50.2.5 :tada:

The release is available on:

Your semantic-release bot :package::rocket: