monperrus
commented
7 months ago done thanks to @ericcornelissen
Closed monperrus closed 7 months ago
monperrus
commented
7 months ago done thanks to @ericcornelissen
monperrus
commented
7 months ago provenance info still not showing up
ericcornelissen
commented
7 months ago provenance info still not showing up
I figured out why. The problem is:
Namely, Node.js v16 ships with an older version of npm which does not yet support the --provenance flag (kinda unfortunate it doesn't complain about the unknown flag). That's also why the example workflow from the npm docs on "Generating provenance statements" include the line:
- run: npm install -g npmBased on the fact that the workflow we used as a reference does not run npm install -g npm (which is somewhat dangerous) but installs Node.js v20 I suggest this approach takes the same approach.
monperrus
commented
7 months ago yes! switching to node 20 fixes the problem.
https://www.npmjs.com/package/crawler-user-agents has a provenance file.
thanks a lot!
our next step is to understand the content of the entry in the transparency log.
Travis CI is hardly usable.
Anybody to contribute the corresponding Github Actions workflow?
that would be great thanks!