[BUG] provenance is not generated when published from GitHub actions #8018
Labels
Comments
paulmillr
added
Bug
|
I just published micro-ftch and the provenance was added correctly. The only difference in the flow is that post-quantum did So I think it's regression in newest npm version. https://github.com/paulmillr/micro-ftch/actions/runs/12698324948 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
noble-post quantum and other packages have been using github actions to publish to npm, using provenance feature: https://github.com/paulmillr/noble-post-quantum/actions/runs/12591336568/job/35094301187
NPM package of the repo does not show the fact the latest release has been published using "verified" provenance, no checkbox
https://www.npmjs.com/package/@noble/post-quantum?activeTab=readme
The text was updated successfully, but these errors were encountered: