Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Publish the npm provenance data #5423

Open
nazarhussain opened this issue Apr 26, 2023 · 2 comments
Open

Publish the npm provenance data #5423

nazarhussain opened this issue Apr 26, 2023 · 2 comments
Assignees
@nazarhussain
Labels
prio-low This is nice to have. scope-security Issues that fix security issues: DOS, key leak, CVEs.

Comments

@nazarhussain
Copy link
Contributor

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Github recently allowed a new feature to publish the npm package provenance data linked to npm publish page. See the link in the additional context

Describe alternatives you've considered

There is no automated alternative for now.

Additional context
https://github.blog/2023-04-19-introducing-npm-package-provenance/
@philknows philknows added the scope-security Issues that fix security issues: DOS, key leak, CVEs. label Apr 28, 2023
@philknows
Copy link
Member

Is this a sufficient alternative to closing #3596 ? Also related to our discussion about managing dependencies #3470 .

@wemeetagain
Copy link
Member

Is this a sufficient alternative to closing #3596

No, #3596 is about mitigating supply-chain attacks on our dependencies.
This is just helpful for lodestar library users, so they can better trust the validity of our libraries (eg @lodestar/config)

@philknows philknows added the prio-medium Resolve this some time soon (tm). label Nov 7, 2023
@philknows philknows added prio-low This is nice to have. and removed prio-medium Resolve this some time soon (tm). labels Oct 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nazarhussain nazarhussain

Labels
prio-low This is nice to have. scope-security Issues that fix security issues: DOS, key leak, CVEs.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nazarhussain @wemeetagain @philknows