Provenance allows to transparently build the package on github servers and provide public log.

It's already done for js-e-c dependencies. Example: https://www.npmjs.com/package/@scure/bip32, see the bottom part of the page.

To enable provenance, we need:

• Add github CI configuration file (I can do this) such as this one
• Generate NPM publish token on npmjs.org
• Add the publish token as NPM_PUBLISH_TOKEN secret env variable to github repository settings

https://github.blog/2023-04-19-introducing-npm-package-provenance/