Closed K-Phoen closed 3 days ago
Adding provenance information to the NPM package published for the foundation-sdk allows us to publicly establish where a package was built and who published it, which can increase supply-chain security.
See:
Note: in addition to the changes introduced by this PR, the diff includes unreleased changes living in main.
main
Adding provenance information to the NPM package published for the foundation-sdk allows us to publicly establish where a package was built and who published it, which can increase supply-chain security.
See: