Is there a way to configure an npm package to require provenance and fail any publish attempts that don’t have it? I don’t think the Trusted Publisher stuff has that option, if I’m reading it correctly.
- Post #802
- Next November 25, 2025 at 5:35:45 PM UTC
- Previous November 25, 2025 at 2:24:00 PM UTC
- Tue, 25 Nov 2025 17:35:00 GMT — @zachleat.com - Zach Leatherman
- Original on Bluesky