provenance-action
devtool
"provenance-action" is a GitHub Action for npm package maintainers that automatically fails CI if any dependency in the lockfile loses its npm provenance or trusted publisher status. It's designed for security-conscious developers and teams who want to enforce supply-chain integrity by ensuring all dependencies are verifiably published from trusted sources. This is interesting because it shifts provenance verification from a manual audit to an automated, continuous enforcement point in the development pipeline.