Comment by mathuo

Comment by mathuo 7 days ago

1 reply

View on Hacker News

This is in related to the publication of the package to npm. All of the publications are verified with provenance statements as supported by NPM directly; it's something I believe all NPM packages should be required to use but as of now it's optional; it simply provided verifiable signatures as to what was built and how it was built.

https://docs.npmjs.com/generating-provenance-statements

https://www.npmjs.com/package/dockview#provenance