Implement transparent builds
paulmillr opened this issue · comments
Paul Miller commented
Provenance allows to transparently build the package on github servers and provide public log.
It's already done for js-e-c dependencies. Example: https://www.npmjs.com/package/@scure/bip32, see the bottom part of the page.
To enable provenance, we need:
- Add github CI configuration file (I can do this) such as this one
- Generate NPM publish token on npmjs.org
- Add the publish token as
NPM_PUBLISH_TOKEN
secret env variable to github repository settings
https://github.blog/2023-04-19-introducing-npm-package-provenance/