To increase supply chain security, we should publish npm packages with provenance, using `npm publish --provenance`. See [this page](https://docs.npmjs.com/generating-provenance-statements) to learn more.
