-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support verification for npm SLSA v1.0 #614
Labels
Comments
ianlewis
added this to the Verification of npm packages built by OSSF GitHub builder milestone
May 25, 2023
What is "npm v1.0"? |
laurentsimon
changed the title
Support verification for npm v1.0
Support verification for npm SLSA v1.0
Jun 21, 2023
Updated the title.. I meant npm SLSA v1.0 format |
npm CLI is close to having support for v1 format npm/cli#6613 |
Closed
Duplicate to #450 |
ramonpetgrave64
added a commit
that referenced
this issue
Jul 30, 2024
Fixes #614, #450, #449, #515 Adds support for NPM CLIs build provenances, generated when running `npm publish --provenance --access public` from a [GitHub Actions workflow](https://github.com/ramonpetgrave64/gundam-visor/blob/599500821344b070902a7a5666064bfdaba715df/.github/workflows/npm-publish.yml#L21). ## Testing - added unit tests for some new helper functions - added regression test cases ## Future work - #493, so we can do `--print-provenance` - implemented in #768 (comment) --------- Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: