Generate provenance statements on npm publish
This PR adds [Provenance statements](https://docs.npmjs.com/generating-provenance-statements) on `npm publish`, increasing supply-chain security.
wojtekmaj committed Jul 1, 2024
1 parent b5d554e commit aaa65bf
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion .github/workflows/publish_release.yml
Expand Up @@ -4,6 +4,7 @@ on:
types: [published]
permissions:
contents: read
id-token: write

jobs:
publish:
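Review bot: `id-token: write` is added to the workflow-level `permissions:` block, so every job in this workflow can request an OIDC token, not only the one that publishes. Consider moving it into a `permissions:` block under the `publish` job, repeating `contents: read` there because job-level permissions replace the workflow-level set. That keeps the ability to mint an identity token confined to the job that needs it for provenance signing.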
Expand Down Expand Up @@ -33,6 +34,6 @@ jobs:
run: npx gulp dist

- name: Publish the `pdfjs-dist` library to NPM
run: npm publish ./build/dist
run: npm publish ./build/dist --provenance
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
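Review bot: on the `npm publish ./build/dist --provenance` line, the package being published is the generated `./build/dist` directory, so confirm that the `package.json` emitted there carries a `repository` field matching this repository; npm rejects a provenance publish when it does not. `--provenance` also requires npm 9.5.0 or later, and nothing in the visible lines pins the npm version, so a comment or an explicit version check would document that requirement. The long-lived `NPM_TOKEN` still authorizes the publish, so it should stay a publish-only token; provenance adds an attestation and does not narrow what that secret can do.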

0 comments on commit aaa65bf