<p>Is there a way to configure an npm package to *require* provenance and fail any publish attempts that don’t have it? I don’t think the Trusted Publisher stuff has that option, if I’m reading it correctly.</p>
- Post #803
- Next November 28, 2025 at 3:38:00 PM UTC
- Previous November 25, 2025 at 5:35:00 PM UTC
- Tue, 25 Nov 2025 17:35:45 GMT — Zach Leatherman
- Original on Fediverse