OpenProduct

provenance-action

devtool
Tracked since 2026-05-25
AI Summary

"provenance-action" is a GitHub Action for npm package maintainers that automatically fails CI if any dependency in the lockfile loses its npm provenance or trusted publisher status. It's designed for security-conscious developers and teams who want to enforce supply-chain integrity by ensuring all dependencies are verifiably published from trusted sources. This is interesting because it shifts provenance verification from a manual audit to an automated, continuous enforcement point in the development pipeline.

Cross-platform signals

GitHub: 306 stars, 6 forks. Updated 2026-07-05.
