WingNews logo WingNews
top | item 45187430

(no title)

behindsight | 5 months ago

Reminder, you can audit all your npm packages to see if they provide provenance attestation with:

    npm audit signatures
you can use this to also provide a gentle reminder to package authors to consider setting one up (or replacing those that can't/won't)

Additional resources:

- Trusted publishing via OIDC [1]

- Requiring 2FA for package publishing [2]

1: https://docs.npmjs.com/trusted-publishers

2: https://docs.npmjs.com/requiring-2fa-for-package-publishing-...

discuss

order

No comments yet.