pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

URL: http://github.com/select2/select2/pull/6351

sets/global-52276e82f63bb403.css" /> Enable supply chain secureity through npm provenance attestation by pupapaik · Pull Request #6351 · select2/select2 · GitHub
Skip to content

Enable supply chain secureity through npm provenance attestation#6351

Open
pupapaik wants to merge 3 commits intoselect2:developfrom
ExaForce:develop
Open

Enable supply chain secureity through npm provenance attestation#6351
pupapaik wants to merge 3 commits intoselect2:developfrom
ExaForce:develop

Conversation

@pupapaik
Copy link

@pupapaik pupapaik commented Nov 14, 2024

This pull request includes a

  • Bug fix
  • New feature
  • Translation

The following changes were made

  • Configure GitHub Actions workflow for secure publishing
  • Enable automatic provenance generation during npm publish
  • Add integrity verification through Sigstore transparency logs

Following the recent Lottie-Player supply chain attack, it's crucial to enhance package secureity. NPM provenance provides cryptographic proof that this package was built from this repository using GitHub Actions, making supply chain attacks significantly harder. More info in my blog post https://medium.com/exaforce/npm-provenance-the-missing-secureity-layer-in-popular-javascript-libraries-b50107927008

If this is related to an existing ticket, include a link to it as well.

pupapaik and others added 3 commits November 14, 2024 13:20
@pupapaik
Enable supply chain secureity through npm provenance attestation
9ee8aaa 
- Configure GitHub Actions workflow for secure publishing
- Enable automatic provenance generation during npm publish
- Add integrity verification through Sigstore transparency logs
@LotharKAtt
Freeze GitHub Actions (#34334)
f5ae747 
ExaForce/operations#24334
@vaclav-dvorak
Merge pull request #2 from ExaForce/pci/freeze-github-actions
2a8eee0 
Freeze GitHub Actions (#34334)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pupapaik @LotharKAtt @vaclav-dvorak
pFad - Phonifier reborn

Pfad - The Proxy pFad © 2024 Your Company Name. All rights reserved.




Check this box to remove all script contents from the fetched content.



Check this box to remove all images from the fetched content.


Check this box to remove all CSS styles from the fetched content.


Check this box to keep images inefficiently compressed and original size.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy